Overview
Explore TLS certificate validation vulnerabilities and their exploitation in this DEF CON 31 conference talk that examines the security challenges in TLS implementations. Dive into the complexities of TLS as the standard protocol for securing network connections, focusing on how certificate validation can be compromised despite its promise of confidentiality, integrity, and authentication. Learn about common pitfalls in TLS libraries and frameworks, including insecure default settings and implementation oversights that developers frequently encounter. Witness practical demonstrations using certmitm, a new TLS man-in-the-middle tool that automatically identifies and exploits certificate validation vulnerabilities. Follow along with real-world exploitation examples targeting iOS and Windows 11 systems while gaining deep insights into the mechanisms of insecure TLS certificate validation.
Syllabus
DEF CON 31 - certmitm Automatic Exploitation of TLS Certificate Validation Vulns - Aapo Oksman
Taught by
DEFCONConference