Racing Towards Practical Timing Attacks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the practical implications of timing side-channel attacks in web applications through this 50-minute Black Hat conference talk. Delve into the detection and exploitability of timing vulnerabilities in common scenarios, including database queries, message authentication codes, web API keys, OAuth tokens, and login functions. Learn about the 'time trial' tool and gain insights into measuring timing differences remotely across various network environments. Understand the significance of these attacks for defensive security, penetration testing, and research roles. Examine experimental results demonstrating precise timing measurements and their distinguishability in modern web frameworks and servers. Gain a comprehensive update on the state-of-the-art in exploiting timing attacks and evaluate their severity and impact on web application security.
Syllabus
Intro
Side-Channel Attacks
Timing Side-Channels
Basic Timing Side-Channel
Prior Work!
Real Jitter
Statistical Methods
Why a tool for timing attacks?
Goals and Design
Optimizations
Timing Resolution: Loopback
Overview of Results
String comparison
Microbenchmarks (in nanoseconds)
Branching
Time-Based Padding Oracle
Future Plans
Taught by
Black Hat
Related Courses
Network SecurityGeorgia Institute of Technology via Udacity Proactive Computer Security
University of Colorado System via Coursera Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Hacker101
HackerOne via Independent CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent