Practical New Developments in The Breach Attack
Offered By: Black Hat via YouTube
Course Description
Overview
Explore new developments in the BREACH attack on SSL connections in this 53-minute Black Hat conference talk. Learn about practical extensions to the attack against common encryption ciphers, command-and-control techniques for exploiting plain HTTP connections, and statistical methods to bypass noise in block ciphers and web applications. Discover parallelization and optimization techniques, novel mitigation strategies, and a tool implementation with experimental results on popular web services. Gain insights into HTTPS vulnerabilities, alternative secrets, artificial noise, browser polarization, and persistence methods. Understand the implications for first-party cookies and future cybersecurity challenges.
Syllabus
Introduction
Who are we
HTTPS is broken
Overview
Original Research
Breach Assumptions
Methodology
Other Contributions
Alternative Secrets
Call Methods
Artificial Noise
New Block
Noises
Optimizations
Example
Requests Soup
Browser Polarization
Rupture
Rapture Components
Attack Diagram
Persistence
Repo
Backend
Lengths
Mitigation
First Party Cookies
Future Work
Takeaways
Questions
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network