Overview
Explore new developments in the BREACH attack on SSL connections in this 53-minute Black Hat conference talk. Learn about practical extensions to the attack against common encryption ciphers, command-and-control techniques for exploiting plain HTTP connections, and statistical methods to bypass noise in block ciphers and web applications. Discover parallelization and optimization techniques, novel mitigation strategies, and a tool implementation with experimental results on popular web services. Gain insights into HTTPS vulnerabilities, alternative secrets, artificial noise, browser polarization, and persistence methods. Understand the implications for first-party cookies and future cybersecurity challenges.
Syllabus
Introduction
Who are we
HTTPS is broken
Overview
Original Research
BREACH Assumptions
Methodology
Other Contributions
Alternative Secrets
Call Methods
Artificial Noise
New Block
Noises
Optimizations
Example
Requests Soup
Browser Polarization
Rupture
Rupture Components
Attack Diagram
Persistence
Repo
Backend
Lengths
Mitigation
First Party Cookies
Future Work
Takeaways
Questions
Taught by
Black Hat