SceneLog
Listen to the whispers: web timing attacks that actually work

Listen to the whispers: web timing attacks that actually work

S32 · E11 August 9, 2024

Free on SceneLog — log in or create an account to track it.

Overview

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this session, I'll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface. This is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or 'lab conditions' required. In other words, I'm going to share timing attacks you can actually use

Comments

Be the first to comment.

Leave a comment

Your email won't be published. Comments are reviewed before they appear.