Overview
Explore novel attacks on mTLS authentication in this 19-minute DEF CON 31 conference talk, which examines implementation vulnerabilities in X.509 certificate-based authentication systems. Discover how developers can inadvertently create flaws that lead to user impersonation, privilege escalation, and information leaks in zero-trust networks. Learn about recently discovered CVEs in popular open-source identity servers and how they are exploited, and gain practical insight into spotting these vulnerabilities in source code. Master the fundamentals of secure mTLS implementation without diving into complex cryptography, focusing instead on the real-world security implications and best practices of certificate-based authentication.
Syllabus
DEF CON 31 - mTLS: When Certificate Authentication Done Wrong - Michael Stepankin
Taught by
DEFCONConference