Explore TLS certificate validation vulnerabilities and their exploitation in this DEF CON 31 conference talk that examines the security challenges in TLS implementations. Dive into the complexities of TLS as the standard protocol for securing network connections, focusing on how certificate validation can be compromised despite its promise of confidentiality, integrity, and authentication. Learn about common pitfalls in TLS libraries and frameworks, including insecure default settings and implementation oversights that developers frequently encounter. Witness practical demonstrations using certmitm, a new TLS man-in-the-middle tool that automatically identifies and exploits certificate validation vulnerabilities. Follow along with real-world exploitation examples targeting iOS and Windows 11 systems while gaining deep insights into the mechanisms of insecure TLS certificate validation.
Automatic Exploitation of TLS Certificate Validation Vulnerabilities
Overview
Syllabus
DEF CON 31 - certmitm Automatic Exploitation of TLS Certificate Validation Vulns - Aapo Oksman
Taught by
DEFCONConference
Related Courses
-
How to Stop Man-in-the-Middle and Downgrade Attacks in Your Apps
-
Racing for TLS Certificate Validation: A Hijacker's Guide to the Android TLS Galaxy
-
Credential Access with Cain & Abel
-
Breaking into Secure Facilities with OSDP - Vulnerabilities and Exploitation Techniques
-
Self-Signed Certificates: Exploiting Insecure Certificate Validation in iOS and macOS
-
Ethical Hacking With Python, JavaScript and Kali Linux
