Overview
Explore advanced web race condition attack techniques in this DEF CON 31 conference talk that goes beyond traditional limit-overrun exploits to reveal the hidden vulnerabilities within website state machines. Learn to identify and exploit new classes of race conditions by sending conflicting inputs that can compromise high-profile websites, enabling token misrouting, trusted data forgery, and backdoor concealment. Master a refined methodology for detecting subtle vulnerability indicators and implement a strategy that achieves sub-1ms execution windows for multiple HTTP requests across global distances. Gain hands-on experience with open-source tools and free online labs while understanding crucial concepts like single-packet attacks, object-masking, multi-endpoint collisions, partial construction attacks, and data structure defenses. Discover how to analyze single-endpoint collision code, improve attack techniques, and understand the impact of these vulnerabilities on web security.
Syllabus
Intro
The known potential of race conditions
The true potential of race conditions
Making race conditions reliable: Single-packet attack
Single-packet attack: under the hood
Benchmark
Probe for clues
Object-masking via limit-overrun
Multi-endpoint collisions: handling internal latency
Single-endpoint collision code analysis
Impact
Partial construction attacks
Data structures and race-condition defenses
Improving the single-packet attack
Embrace the chaos
Taught by
DEFCONConference