Timing Attacks Have Never Been So Practical - Advanced Cross-Site Search Attacks

Black Hat via YouTube

Classroom Contents

  1. Introduction
  2. Title
  3. Agenda
  4. Background
  5. Attacker Example
  6. Advanced Cross-Site Search Attacks
  7. Basic Cross-Site Search Attack Flow
  8. Step 1 Challenge Search Request
  9. Step 2 Dummy Search Request
  10. Step 2 Challenge Search Request
  11. Step 1 Statistical Tests
  12. Challenges
  13. Response Inflation
  14. Attack on Gmail
  15. Two new attack vectors
  16. Browser-based timing attacks
  17. Classical timing attacks
  18. Algorithmic improvements
  19. Evaluation
  20. Example
  21. Browser-based Optimization
  22. Improved Accuracy
  23. Demo
  24. Limitations
  25. Second Order Attack
  26. Simple Attack
  27. Simple Attack Flow
  28. Inflating Second Order Attack
  29. Extending the Model
  30. How to create an inflating record
  31. Extracting credit card numbers
  32. Sending requests for autocomplete suggestions
  33. Attacked account example
  34. Attacked account demo
  35. Attack success rate
  36. Stealthy attack
  37. Email services
  38. Defenses
  39. Conclusions
  40. Questions
