Slide 1

Having Fun with Regex By: Harsh Bothra

Slide 2

Ex’s are everywhere, aren’t they!

Slide 3

Boring Part – Who Am I? The same guy who bored you last time. For new guys:
• Cyber Security Analyst at @Detox Technologies
• Synack Red Teamer
• Bugcrowd Top 150 & MVP Q1 Q2
• Lazy Bug Bounty Hunter
• Speaker at various Conferences & Chapters
• Author of Multiple Hacking Books
• Poet | Writer | Learner

Slide 4

Agenda
• Revealing the Face of the Monster – Regex
• Regex for Cyber Security
• Basic Regex Directives
• Playing around with Regex
• ReDoS Attacks
• Finding out Regex in Pentesting Engagements
• Q/As

Slide 5

Revealing the Face of the Monster – Regex

Slide 6

REGEX DIRECTIVES [] {} ()

Slide 7

Directives (1)
• Alphabets: a-z A-Z
• Digits: 0-9
• \d : any digit from 0-9
• \D : any non-digit character
• . (DOT) : wildcard – matches any character
• \. : matches the . (dot) itself
• - (hyphen) : range
• Match specific characters: [characters to match]

Slide 8

Directives (2)
• Exclusions: [^chars_to_exclude]
• Repetition: char{m,n}
• Kleene Star: * (zero or more repetitions)
• Kleene Plus: + (one or more repetitions)
• Optional characters: ?
• \? : matches ? itself
• White spaces: \s
• Non-white spaces: \S

Slide 9

Directives (3)
• Starting: ^
• Ending: $
• Grouping: ()
• Nested grouping: (group1(group2))
• Conditionals: (a|b)
• Case insensitive: \i
• Global search: \g
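The directives from the three slides above, exercised on constructed access-log lines as an added example (not code from the talk). The sample lines, the pattern names and the helper functions are my own; note that in Python case-insensitive matching is applied as the re.IGNORECASE flag rather than as a token inside the pattern.

```python
import re

# Constructed sample lines in web-server access-log style (not real traffic).
LOG_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login?user=admin HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "post /api/v1/token HTTP/1.1" 401 87',
    'garbage line with no address',
]

# ^ anchor, \d digit, {m,n} bounded repetition, \. literal dot, () grouping, \b word boundary.
# Syntactic IPv4 only: \d{1,3} also accepts 999, so the numeric range is checked in code.
IPV4 = re.compile(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b')

# (a|b) alternation, \s whitespace, + one or more, [^...] exclusion class.
# [^\s"]+ and the following \s+ cannot match the same character, which keeps backtracking linear.
REQUEST = re.compile(
    r'"(GET|POST|PUT|DELETE)\s+([^\s"]+)\s+HTTP/\d\.\d"\s+(\d{3})',
    re.IGNORECASE,  # the slide's "case insensitive" directive, as a Python flag
)

# ^ and $ anchors, * zero or more, \? literal question mark, ? optional group, \S non-whitespace.
PATH_ONLY = re.compile(r'^(/[^?\s]*)(\?\S*)?$')


def parse_line(line):
    """Return (ip, method, path, status) for a well-formed line, else None."""
    ip_m = IPV4.match(line)        # match(): anchored at the start of the line
    req_m = REQUEST.search(line)   # search(): anywhere in the line
    if not ip_m or not req_m:
        return None
    if any(int(octet) > 255 for octet in ip_m.groups()):
        return None                # e.g. 999.1.1.1 passes the regex but is not an address
    method, path, status = req_m.groups()
    return '.'.join(ip_m.groups()), method.upper(), path, int(status)


def split_path(request_target):
    """Split '/login?user=admin' into ('/login', '?user=admin'); query part is None if absent."""
    m = PATH_ONLY.match(request_target)
    if not m:
        return None
    return m.group(1), m.group(2)


if __name__ == "__main__":
    for line in LOG_LINES:
        print(parse_line(line))
```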

Slide 10

Let’s see things in action

Slide 11

• https://regexone.com/
• https://regexr.com/
• https://regex101.com/

Slide 12

ReDoS Attacks & Regex in Pentesting

Slide 13

Q/A are welcome!

Slide 14

Get in Touch at @harshbothra_
• Website – https://harshbothra.tech
• Twitter – @harshbothra_
• Instagram – @harshbothra_
• Medium – @hbothra22
• LinkedIn – @harshbothra
• SpeakerDeck – @harshbothra
• Email – hbothra22@gmail.com
THANKS