Practical New Developments in The Breach Attack
Offered By: Black Hat via YouTube
Course Description
Overview
Explore new developments in the BREACH attack on SSL connections in this 53-minute Black Hat conference talk. Learn about practical extensions to the attack against common encryption ciphers, command-and-control techniques for exploiting plain HTTP connections, and statistical methods to bypass noise in block ciphers and web applications. Discover parallelization and optimization techniques, novel mitigation strategies, and a tool implementation with experimental results on popular web services. Gain insights into HTTPS vulnerabilities, alternative secrets, artificial noise, browser polarization, and persistence methods. Understand the implications for first-party cookies and future cybersecurity challenges.
Syllabus
Introduction
Who are we
HTTPS is broken
Overview
Original Research
Breach Assumptions
Methodology
Other Contributions
Alternative Secrets
Call Methods
Artificial Noise
New Block
Noises
Optimizations
Example
Requests Soup
Browser Polarization
Rupture
Rapture Components
Attack Diagram
Persistence
Repo
Backend
Lengths
Mitigation
First Party Cookies
Future Work
Takeaways
Questions
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube