Exploit, Detect, Block: A Live Workshop on Application Attack Defense

Topic Exploit, Detect, Block: A Live Workshop on Application Attack Defense Abstract Most application attacks succeed not because defenders lacked a tool, but because the tools they have are watching the wrong layer. Code scanners catch what gets written. Network controls catch what crosses the wire. Endpoint tools catch what the OS does. The application itself, the layer where exploits actually execute, often runs without any meaningful observation at all. This workshop closes that gap in the most direct way possible: by running real attacks and watching what a runtime detection and response layer sees as the code executes. Participants will work through a series of live exploits against vulnerable applications, like server-side template injection, unsafe deserialization, OGNL injection, and SQL injection patterns drawn from real CVEs like MOVEit. The workshop will showcase both detection and blocking scenarios, enabling observation of a full attack path as well as seeing how the lsm (Linux Security Module) can be leveraged to prevent attacks. The goal is to build…