Adobe Experience Manager (AEM) is an enterprise-grade CMS that is popular among high-profile companies. Many bug bounty programs include AEM in their scope. In the talk, the author will share a unique methodology for approaching AEM webapps in bug bounty programs. Misconfiguration issues, as well as product vulnerabilities, will be covered in the talk, including newly discovered vulnerabilities. The author will present an automation tool called “AEM hacker” for discovering vulnerabilities in AEM webapps.
Mikhail Egorov (aka 0ang3el) is a whitehat, security researcher, bug hunter and conference speaker. He currently works full-time as a Senior Security Researcher for Acronis and is active on the Bugcrowd and H1 platforms. He has previously given technical talks at the Troopers, Hack In The Box, Hacktivity, ZeroNights, PHDays and HighLoad conferences.