YoVDO

Cats in My Certificate Transparency Logs

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Cybersecurity Courses Web Security Courses Data Integrity Courses Public Key Infrastructure Courses Certificate Transparency Courses

Course Description

Overview

Explore the world of Certificate Transparency (CT) logs in this 33-minute conference talk from BSidesSF 2019. Dive deep into the mechanics of CT logs, their role in web security, and their potential for misuse. Learn how these append-only logs bring auditability and accountability to the public web certificate ecosystem. Discover the importance of CT logging in modern browsers like Chrome and its impact on the web's ecosystem. Investigate novel and potentially nefarious uses of CT logs, including their unexpected role as a repository for cat pictures. Gain insights into the structure of CT logs, Signed Certificate Timestamps (SCTs), and how they can be exploited. Through examples and demonstrations, understand concepts like public keys, persistent data storage, chunking, and cataloging in the context of CT logs. Conclude with a discussion on entropy, multi-domain certificates, and final thoughts on the implications of this technology for internet security and unexpected uses.

Syllabus

Intro
Alice and Bob
Certificate Authorities
Cats
Certificate Transparency
What is a CT Log
How does a CT Log protect us
What is an SCT
How SCT logs can be abused
Public keys
Persistent data storage
Example
Chunking
Catalog
Demo
Who is this person
Summary
Entropy
Googlecom
Multidomain ProPer
Wrap Up
Final Thoughts
Outro


Taught by

Security BSides San Francisco

Related Courses

Azure AI Workflow and Pipelines
A Cloud Guru
AWS ML Engineer Associate 1.3 Validação e preparação de dados para modelagem (Português) | AWS ML Engineer Associate 1.3 Validate Data and Prepare for Modeling (Portuguese)
Amazon Web Services via AWS Skill Builder
BigQuery for Data Analysts
Google Cloud via Coursera
Clinical Trials Data Management and Quality Assurance
Johns Hopkins University via Coursera
Clinical Trials: Good Clinical Practice
Novartis via Coursera