Compression Oracle Attacks on VPN Networks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore compression oracle attacks on VPN networks in this 43-minute Black Hat conference talk. Delve into the vulnerabilities of browser requests and responses tunneling HTTP traffic through VPNs, and investigate potential attacks on ESP Compression and other encryption-based optimizations in tunneled traffic. Learn about compression basics, observe encrypted traffic, and understand the CRIME attack. Examine the setup, requirements, and detection methods for these attacks, with a focus on Chrome and CloudFlare implementations. Gain insights into future attack possibilities, including TimeBreach and TLS VPNs. Conclude with a summary and Q&A session led by speaker Ahamed Nafeez.
Syllabus
Introduction
What is Compression
What Compression means
Compression Oracle Attack
Observing Encrypted Traffic
Crime Massive Code
Future Attacks
Time
Breach
TLS VPNs
The Attack
Requirements
Setup
Chrome
Detection
Compression Oracle
CloudFlare
My Take
Summary
Questions
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube