Explore compression oracle attacks on VPN networks in this 43-minute Black Hat conference talk. Delve into the vulnerabilities of browser requests and responses tunneling HTTP traffic through VPNs, and investigate potential attacks on ESP Compression and other encryption-based optimizations in tunneled traffic. Learn about compression basics, observe encrypted traffic, and understand the CRIME attack. Examine the setup, requirements, and detection methods for these attacks, with a focus on Chrome and CloudFlare implementations. Gain insights into future attack possibilities, including TimeBreach and TLS VPNs. Conclude with a summary and Q&A session led by speaker Ahamed Nafeez.
Overview
Syllabus
Introduction
What is Compression
What Compression means
Compression Oracle Attack
Observing Encrypted Traffic
Crime Massive Code
Future Attacks
Time
Breach
TLS VPNs
The Attack
Requirements
Setup
Chrome
Detection
Compression Oracle
CloudFlare
My Take
Summary
Questions
Taught by
Black Hat
