HONG KONG, July 26 (Bernama-PRNewswire) — Sangfor Technologies is proud to announce their presentation – Don’t Dare to Exploit – An Attack Surface Tour of SharePoint Server – at DEFCON 29 in Las Vegas on August 7, 2021, outlining several previously unknown SharePoint attack surfaces, mitigations to these attack surfaces, and how these mitigations can be bypassed. The exploits will be demonstrated during the 45-minute presentation.
The presentation, by Sangfor BlueOps members Yuhao Weng and Zhiniang Peng, with security researcher Steven Seeley, selected from thousands submitted to DEFCON, will explain the security architecture of Microsoft SharePoint’s server and how it differs from other popular Content Management System (CMS) products. From an offensive perspective, it will reveal several attack surfaces, mitigations implemented against them, and how those mitigations can be bypassed. Several high impact vulnerabilities (including CVE-2021-24072, CVE-2020-17120, and CVE-2020-17017) will be discussed detailing their discovery and exploitation.