Streaming: https://mssvideo.vcu.edu/RVAsec
Tuesday June 3, 2025 2:00pm - 2:50pm EDT
Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.
Speakers
Nick Copi

AppSec Engineer, CarMax
Nick Copi is an application security engineer at CarMax who in his spare time immerses himself in security research and bug bounty. With a background spanning from building full stack web applications to pioneering application security initiatives at CarMax, he brings a wealth of...
Upstairs, Grand Ballroom F/G
