Explore novel attacks on mTLS authentication in this 19-minute DEF CON 31 conference talk that examines implementation vulnerabilities in x509 certificate-based authentication systems. Discover how developers can inadvertently create security flaws leading to user impersonation, privilege escalation, and information leakages in zero-trust networks. Learn about recently discovered CVEs in popular open-source identity servers, their exploitation methods, and gain practical insights into identifying these vulnerabilities in source code. Master the fundamentals of secure mTLS implementation without diving into complex cryptography, focusing instead on real-world security implications and best practices for certificate-based authentication systems.
mTLS: When Certificate Authentication Goes Wrong - Security Implementation Vulnerabilities
Overview
Syllabus
DEF CON 31 - mTLS When Certificate Authentication Done Wrong Michael Stepankin
Taught by
DEFCONConference
Related Courses
-
MTLS - When Certificate Authentication is Done Wrong
-
TLS and MTLS - Introduction to Modern Security
-
Automatic Exploitation of TLS Certificate Validation Vulnerabilities
-
Abusing Mixed Vendor Kerberos Stacks - Exploiting Windows AD and Linux Authentication
-
The Cloudflare MTLS Vulnerability - A Deep Dive Analysis
-
Exploiting Cloud Connectivity to Compromise Network-Attached Storage Devices
