Explore advanced web race condition attack techniques in this DEF CON 31 conference talk that goes beyond traditional limit-overrun exploits to reveal the hidden vulnerabilities within website state machines. Learn to identify and exploit new classes of race conditions by sending conflicting inputs that can compromise high-profile websites, enabling token misrouting, trusted data forgery, and backdoor concealment. Master a refined methodology for detecting subtle vulnerability indicators and implement a strategy that achieves sub-1ms execution windows for multiple HTTP requests across global distances. Gain hands-on experience with open-source tools and free online labs while understanding crucial concepts like single-packet attacks, object-masking, multi-endpoint collisions, partial construction attacks, and data structure defenses. Discover how to analyze single-endpoint collision code, improve attack techniques, and understand the impact of these vulnerabilities on web security.
Smashing the State Machine: Advanced Web Race Condition Attacks
Overview
Syllabus
Intro
The known potential of race conditions
The true potential of race conditions
Making race conditions reliable: Single-packet attack
Single-packet attack: under the hood
benchmark
Probe for clues
Object-masking via limit-overrun
Multi-endpoint collisions: handling internal latency
Single-endpoint collision code analysis
Impact
Partial construction attacks
Data-structures and race-condition defenses
Improving the single-packet attack
Embrace the chaos
Taught by
DEFCONConference
