Explore algorithmic complexity (AC) vulnerabilities in this Black Hat conference talk. Learn how attackers can exploit algorithms to cause significant server workload with minimal input. Discover the mechanics behind decompression bombs and ASCII hex decoding attacks. Witness live demonstrations of unauthenticated vulnerabilities and their impacts on enterprise software. Understand the implications for password strength estimation tools. Gain insights into common themes in AC vulnerabilities and acquire tools to identify and mitigate these risks. Suitable for security professionals and developers interested in enhancing application resilience against denial-of-service attacks.
Denial of Service with a Fistful of Packets - Exploiting Algorithmic Complexity Vulnerabilities
Overview
Syllabus
Introduction
What are algorithmic complexity vulnerabilities
Decompression bombs
ASCII hex decode
Demo
Impact
Unauthenticated Vulnerability
Demonstration
Bonus vulnerability
Impacts
Password Strength Estimation Tool
Impact on Enterprise Software
Demo of Attack
What You Can Do
Common Themes
Tools
Audience
Outro
Taught by
Black Hat
