
Low Code High Risk - Enterprise Domination via Low Code Abuse


Formal Metadata

Title: Low Code High Risk - Enterprise Domination via Low Code Abuse
Number of Parts: 85
License: CC Attribution 3.0 Unported. You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Abstract
Why focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT? Low-code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with inadequate security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain. In this talk, we demonstrate a host of attack techniques found in the wild, where enterprise no-code platforms are leveraged and abused for every step of the cyber kill chain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with PoCs, and their source code will be shared. Finally, we will introduce an open-source recon tool that identifies opportunities for lateral movement and privilege escalation through low-code platforms.