Tutorial on SSTI and Privilege Escalation
Tutorial, University of New Mexico, Albuquerque, NM, USA
This tutorial was delivered as a guest lecture in CS544 Intro to Cybersecurity. I performed a real-time walkthrough of exploiting the Hack The Box (HTB) machine “Perfection.” The session focused on leveraging a Ruby-based Server-Side Template Injection (SSTI) vulnerability to gain a reverse shell on the target server.