IIS Tilde Enumeration: an evergreen vulnerability – Michele Di Bonaventura – HackInBo® Spring 2023




IIS Tilde Enumeration is a security misconfiguration that allows enumeration of file and directory names on IIS web servers, through which an attacker can access files that a sysadmin would consider “well-hidden”. It is a vulnerability shrouded in mystery: although more than 10 years have passed since its public disclosure, it is still a common and widespread issue, yet very unfamiliar to most people. In this talk we’re going to delve deeper into this evergreen vulnerability by exploring its history to uncover the reasons behind the issue, examining the logic behind it to understand how it works, and showing its full exploitation process through the study of a real-world case found in December 2021 on “portswigger.net”.
