Cats in My Certificate Transparency Logs
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the world of Certificate Transparency (CT) logs in this 33-minute conference talk from BSidesSF 2019. Dive deep into the mechanics of CT logs, their role in web security, and their potential for misuse. Learn how these append-only logs bring auditability and accountability to the public web certificate ecosystem. Discover the importance of CT logging in modern browsers like Chrome and its impact on the web's ecosystem. Investigate novel and potentially nefarious uses of CT logs, including their unexpected role as a repository for cat pictures. Gain insights into the structure of CT logs, Signed Certificate Timestamps (SCTs), and how they can be exploited. Through examples and demonstrations, understand concepts like public keys, persistent data storage, chunking, and cataloging in the context of CT logs. Conclude with a discussion on entropy, multi-domain certificates, and final thoughts on the implications of this technology for internet security and unexpected uses.
Syllabus
Intro
Alice and Bob
Certificate Authorities
Cats
Certificate Transparency
What is a CT Log
How does a CT Log protect us
What is an SCT
How SCT logs can be abused
Public keys
Persistent data storage
Example
Chunking
Catalog
Demo
Who is this person
Summary
Entropy
Google.com
Multidomain ProPer
Wrap Up
Final Thoughts
Outro
Taught by
Security BSides San Francisco