YoVDO

HEIST - HTTP Encrypted Information can be Stolen Through TCP-Windows

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Web Development Courses Cybersecurity Courses Network Security Courses Side Channel Attacks Courses Network Protocols Courses TCP Courses

Course Description

Overview

Explore a groundbreaking set of techniques called HEIST (HTTP Encrypted Information can be Stolen Through TCP-Windows) that enables browser-based attacks against SSL/TLS and other secure channels. Delve into this 50-minute Black Hat conference talk by Tom Van Goethem and Mathy Vanhoef, which introduces a novel side-channel attack capable of leaking the exact size of cross-origin responses. Discover how HEIST exploits vulnerabilities in browsers, HTTP, SSL/TLS, and TCP layers to perform compression-based attacks like CRIME and BREACH without requiring network access. Learn about the potential for extracting sensitive information from popular websites and the increased impact of HEIST when used with HTTP/2. Gain insights into the widespread applicability of these attack techniques and their implications for online security and privacy.

Syllabus

HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube