Категории

Chain of Fools: An Exploration of Certificate Chain Validation Mishaps

Опубликовано: 28 Сентябрь 2024
на канале: Black Hat
7,700
65

By James Barclay, Nick Mooney and Olabode Anise

In this talk, we explore the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited, and how widespread usage of APIs like Android SafetyNet are in certain verticals. We also propose recommendations for both implementers and cryptographic API authors, like choosing misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...

play_arrow
78,418
1.2 тыс

Extended Highlights: INCREDIBLE Semenyo-inspired second-half turnaround in Luton victory

Extended Highlights: INCREDIBLE Semenyo-inspired second-half turnaround in Luton victory
play_arrow
10,317
85

MU Archangel ENE Elf Build. Skills, Properties, and Constellations. Enjoy!

MU Archangel ENE Elf Build. Skills, Properties, and Constellations. Enjoy!
play_arrow
64,508
455

The Unicorn Head Mask from ThinkGeek

The Unicorn Head Mask from ThinkGeek
play_arrow
43,957
449

Biadab! Siswi SMP di Pati Disekap 4 Bulan dan Dijadikan Budak Seks Hingga Hamil | Kabar Siang tvOne

Biadab! Siswi SMP di Pati Disekap 4 Bulan dan Dijadikan Budak Seks Hingga Hamil | Kabar Siang tvOne
play_arrow
4,490
164

VERY DETAILED | Gemini Jets 1:400 Scale Replica of Keflavik International Airport

VERY DETAILED | Gemini Jets 1:400 Scale Replica of Keflavik International Airport
play_arrow
634
3

Когда нужно срочно выполнить план Лучшие гайцы

Когда нужно срочно выполнить план Лучшие гайцы
play_arrow
165
10

Highly Transphobic Television Movie... (Films 2021 Part 2)

Highly Transphobic Television Movie... (Films 2021 Part 2)
play_arrow
17
like

Son Goku Edit/

Son Goku Edit/
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample