00:00 - Introduction
00:55 - Start of nmap
02:50 - Looking at the JavaScript, which has a lot of information about the webapp
03:10 - Looking at the pac4j JWT vulnerability (CVE-2026-29000)
05:30 - Looking for the JKS (RSA Public Key), going into the JavaScript and seeing there is an /api/auth/jwks endpoint
06:50 - Start of creating our Python script to create a forged JWE token
15:00 - Troubleshooting our token, it isn't valid yet
18:30 - Crafted a valid token, now it is saying we have an invalid role, looking at the JavaScript to get the correct information
20:30 - Logged into the application, discovering a credential that lets us SSH into the box
22:30 - Poking at the source of the Java app, finding more passwords, but they don't really help us
24:20 - Discovering a CA private key, with a note saying it's valid for SSH, looking at SSH's config
25:50 - Generating an SSH key, then signing it with the CA, giving us the principal of "root" and logging in
28:30 - Little bit of extra information about SSH key signing, the AuthorizedPrincipalsFile