Explore a critical cybersecurity conference talk from DEF CON 31 that delves into a systemic vulnerability affecting digital signature validation implementations. Learn how attackers can exploit valid certificates in unintended ways, particularly focusing on how SSL and S/MIME certificates can be misused despite being designed for different purposes than code signing. Understand the fundamental differences between certificate types, their validation requirements, and how vulnerable implementations incorrectly validate files signed with incompatible certificates. Discover real-world implications of this security flaw across multiple formats, from theoretical foundations to practical applications, and gain insights into how threat actors can potentially sign untrusted code with minimal effort or cost.
DEF CON 31 - A SSLippery Slope - Unraveling Hidden Dangers of Certificate Misuse - Bill Demirkapi
Taught by: DEFCONConference