Denial of Service with a Fistful of Packets - Exploiting Algorithmic Complexity Vulnerabilities
Offered By: Black Hat via YouTube
Course Description
Overview
Explore algorithmic complexity (AC) vulnerabilities in this Black Hat conference talk. Learn how attackers can exploit algorithms to cause significant server workload with minimal input. Discover the mechanics behind decompression bombs and ASCII hex decoding attacks. Witness live demonstrations of unauthenticated vulnerabilities and their impacts on enterprise software. Understand the implications for password strength estimation tools. Gain insights into common themes in AC vulnerabilities and acquire tools to identify and mitigate these risks. Suitable for security professionals and developers interested in enhancing application resilience against denial-of-service attacks.
Syllabus
Introduction
What are algorithmic complexity vulnerabilities
Decompression bombs
ASCII hex decode
Demo
Impact
Unauthenticated Vulnerability
Demonstration
Bonus vulnerability
Impacts
Password Strength Estimation Tool
Impact on Enterprise Software
Demo of Attack
What You Can Do
Common Themes
Tools
Audience
Outro
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube