Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

PRNG Pwning Random Number Generators in PHP Applications

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced techniques for exploiting randomness vulnerabilities in PHP applications in this Black Hat USA 2012 conference talk. Delve into the predictability of password reset tokens and learn how attackers can compromise user accounts by predicting PHP core randomness generators. Discover a suite of novel tools and methods that surpass previously known attacks, capable of targeting all PHP core system PRNGs, even those protected by the Suhosin extension. Examine practical attack demonstrations on popular PHP applications like Mediawiki, Gallery, osCommerce, and Joomla, resulting in complete user account takeovers. While focused on PHP, understand how these principles apply to any system using weak randomness generators or low entropy sources. Gain insights into tools for exploiting randomness vulnerabilities and access exploits for vulnerable applications presented by security researchers George Argyros and Aggelos Kiayias.

Syllabus

Black Hat USA 2012 - PRNG Pwning Random Number Generators (In PHP Applications)

Taught by

Black Hat

Reviews

Start your review of PRNG Pwning Random Number Generators in PHP Applications

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.