Sangfor Technologies is proud to announce their presentation – Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server – at DEFCON 29 in Las Vegas on August 7, 2021, outlining several previously unknown SharePoint attack surfaces, mitigations to these attack surfaces, and how these mitigations can be bypassed. The exploits will be demonstrated during the 45-minute presentation.
The presentation, by Sangfor BlueOps members Yuhao Weng and Zhiniang Peng, with security researcher Steven Seeley, selected from thousands submitted to DEFCON, will explain the security architecture of Microsoft SharePoint's server and how it differs from other popular Content Management System (CMS) products. From an offensive perspective, it will reveal several attack surfaces, mitigations implemented against them, and how those mitigations can be bypassed. Several high impact vulnerabilities (including CVE-2021-24072, CVE-2020-17120, and CVE-2020-17017) will be discussed detailing their discovery and exploitation.
SharePoint is the most well-known CMS used to share and manage content within organizations simplifying team collaboration. Zero-day vulnerabilities are exploited by cyber attackers to gain administrative access to networks for data theft or further infiltration and infection of the network.
DEFCON is the largest gathering of hackers from around the world, held annually in Las Vegas, Nevada, and is attended by the world's top security professionals, journalists, researchers, students, law enforcement – and yes, hackers.
Sangfor BlueOps Team
Sangfor BlueOps, Sangfor's highly skilled defensive security testing or blue team, works to improve attack detection and defense strategies for all Sangfor's security solutions. Experienced security teams are the rock-stars of the cyber security world, keeping up with a constant flow of new cyber threats and vulnerabilities. Sangfor's BlueOps team is responsible for ensuring enterprises have the tools they need to respond effectively, identify threats quickly, and keep their software and users safe and productive.
About Sangfor Technologies
Sangfor is a leading global vendor of IT infrastructure and security solutions specializing in Cyber Security and Cloud Computing.
Enjoy FREE use of the VMware ESXi version of Sangfor's Next Generation Application Firewall with free Virtual Public Network and Endpoint Secure endpoint protection, the total solution for a secure network with remote workers. Apply now.