YoVDO

Racing Towards Practical Timing Attacks

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Penetration Testing Courses Statistical Methods Courses Defensive Security Courses Timing Attacks Courses

Course Description

Overview

Explore the practical implications of timing side-channel attacks in web applications through this 50-minute Black Hat conference talk. Delve into the detection and exploitability of timing vulnerabilities in common scenarios, including database queries, message authentication codes, web API keys, OAuth tokens, and login functions. Learn about the 'time trial' tool and gain insights into measuring timing differences remotely across various network environments. Understand the significance of these attacks for defensive security, penetration testing, and research roles. Examine experimental results demonstrating precise timing measurements and their distinguishability in modern web frameworks and servers. Gain a comprehensive update on the state-of-the-art in exploiting timing attacks and evaluate their severity and impact on web application security.

Syllabus

Intro
Side-Channel Attacks
Timing Side-Channels
Basic Timing Side-Channel
Prior Work!
Real Jitter
Statistical Methods
Why a tool for timing attacks?
Goals and Design
Optimizations
Timing Resolution: Loopback
Overview of Results
String comparison
Microbenchmarks (in nanoseconds)
Branching
Time-Based Padding Oracle
Future Plans


Taught by

Black Hat

Related Courses

Network Security
Georgia Institute of Technology via Udacity
Proactive Computer Security
University of Colorado System via Coursera
Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera
Hacker101
HackerOne via Independent
CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent