Practical New Developments in The Breach Attack

preview_player
Показать описание
by Dionysios Zindros & Dimitris Karakostas

In 2013, BREACH was the sensation of Black Hat USA, introducing a still not mitigated attack vector that exploited compression to compromise SSL connections.

In this talk, we propose new methods to practically extend the attack against the most commonly used encryption ciphers. We describe a command-and-control technique to exploit plain HTTP connections in order to perform the attack in a persistent manner. We also present new statistical methods that can be used to bypass noise present in block ciphers as well as to avoid noise present in usual web applications. Parallelization and optimization techniques are also explored.

We will close the talk by proposing novel mitigation techniques. Finally, we will reveal our tool implementation, as well as experimental results on popular web services.
  1. Black Hat
  2. Black Hat Asia 2016
  3. Information Security
  4. InfoSec
  5. BlackHat
  6. Black Hat
Рекомендации по теме
Practical New Developments 0:53:18

Practical New Developments in The Breach Attack

THE GOSPEL AND 1:22:23

THE GOSPEL AND THE PRACTICE OF MINISTRY | PART 2

Nepal Premiere League 0:08:08

Nepal Premiere League Preparation in TU | Team Nepal practice session | TU ground Situation Update

A Terrible Sailing 0:08:47

A Terrible Sailing Accident - SV Platino

New developments in 0:14:18

New developments in intravascular lithotripsy after 5 years of clinical practice - EuroPCR 2023

Practice makes progress 0:00:30

Practice makes progress ❤️

Kitchen Tools Vocabulary 0:00:33

Kitchen Tools Vocabulary Words | English Speaking Practice With Ananya | #shorts Build Vocabulary

5 ways to 0:00:36

5 ways to build strength every yoga practice

Yves Missi on 0:02:50

Yves Missi on his progress, blocking shots | Pelicans Practice 11/26/24

Web Development In 2:43:32

Web Development In 2024 - A Practical Guide

Agile in Practice: 0:03:34

Agile in Practice: Test Driven Development

Learning New Bike 0:00:17

Learning New Bike Tricks! Practice Makes Progress!

how to build 0:27:51

how to build REAL SELF-LOVE | practical methods to grow it daily, self-love prompts & misconcept...

The Top Kitchen 0:13:44

The Top Kitchen Design Trends in 2024! | Timeless & Practical

New levels Practice 0:00:12

New levels Practice Progress #shorts

Handstand Canes One 0:00:47

Handstand Canes One Month Progress Update #acrobatics #calisthenics #practice #balance #circus

Practice makes progress 0:00:10

Practice makes progress right 🔥

Build Speed on 0:00:21

Build Speed on Drums | RTOM MoonGEL Workout Practice Pad | Single Stroke Roll

i’ve progressed sm 0:00:15

i’ve progressed sm lately #figureskating #progress #practice #icerink #trending

New developments in 1:01:42

New developments in practice and procedure at the Privy Council

Barashada New Concept 0:02:55

Barashada New Concept Practice and progress B Qaybta 1aad

Paradigms Without Progress: 0:42:55

Paradigms Without Progress: Kuhnian Reflections on Programming Practice

Yale Researchers Aim 0:04:20

Yale Researchers Aim to Build the First Practical Quantum Computers

“How long do 0:00:59

“How long do I need to practice to progress?”

Комментарии
Автор

At 47:04 the guy who passes the microphone is Angelo one of the original BREACH creators right? very cool crossover haha

BTW awesome job with Rupture!

brandoncejacruz
Автор

Great presentation guys!! Very good stuff.

Lets say Facebook loaded the message search page with the request search term ("bla_bla_bla") encoded in base64. Something like this:

var $encoded_search_term = "YmxhX2JsYV9ibGE="

And on the page load decode it before using it on the remaining template.

var $decoded_search_term = atob($encoded_search_term);

So the template would just use the context variable:

"args": {
"q": "{{ $decoded_search_term }}",
"__ajax__": ""
},

That would solve the problem, right?

rafaelp
Автор

Hello I am a beginner and want to learn some breakthroughs or detecting gaps and I want to help

deathcars