Throwback Thursday | Exploiting Persistent XSS


In this captivating video, Ken “s1ngular1ty” Pyle explores the world of exploiting Cross-Site Scripting (XSS) vulnerabilities on Layer 2 devices like routers and switches. He demonstrates how seemingly innocent XSS or unsanitized input vectors can be transformed into covert network protocols, enabling routing and file transfer between isolated, air-gapped networks without the need for a router. Ken presents proofs of concept (PoCs) for two sessionless file transfer protocols that cleverly bypass known network controls and remain hidden in log files. These protocols can exfiltrate data or execute malicious code, effectively evading firewalls, VLANs, and network segmentation.

Ken Pyle is a renowned specialist in information security, exploit development, and penetration testing, and that expertise shines through in this presentation. With a background as a graduate professor of cybersecurity and an esteemed lecturer at major industry events, Ken is highly regarded in the field of cybersecurity. His discoveries of critical software vulnerabilities in prominent companies further highlight his prowess, making this video a valuable resource for understanding the intricacies of exploiting XSS on Layer 2 devices and the potential risks it poses to network security.