Explore a groundbreaking set of techniques called HEIST (HTTP Encrypted Information can be Stolen Through TCP-Windows) that enables browser-based attacks against SSL/TLS and other secure channels. Delve into this 50-minute Black Hat conference talk by Tom Van Goethem and Mathy Vanhoef, which introduces a novel side-channel attack capable of leaking the exact size of cross-origin responses. Discover how HEIST exploits vulnerabilities in browsers, HTTP, SSL/TLS, and TCP layers to perform compression-based attacks like CRIME and BREACH without requiring network access. Learn about the potential for extracting sensitive information from popular websites and the increased impact of HEIST when used with HTTP/2. Gain insights into the widespread applicability of these attack techniques and their implications for online security and privacy.
HEIST - HTTP Encrypted Information can be Stolen Through TCP-Windows
Overview
Syllabus
HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows
Taught by
Black Hat
Related Courses
-
Bypassing HTTP Strict Transport Security
-
Bar-Mitzvah Attack - Breaking SSL with 13-Year Old RC4 Weakness
-
Compression Oracle Attacks on VPN Networks
-
A Perfect CRIME? Only TIME Will Tell
-
HTTP Request Smuggling in 2020 - New Variants, New Defenses and New Challenges
-
Hacking HTTP/2 - New Attacks on the Internet's Next Generation Foundation
