Explore the untapped potential of web race-condition attacks in this 38-minute Black Hat conference talk. Delve beyond traditional limit-overrun exploits and discover multiple new classes of race conditions. Learn how to exploit the delicate state machines lurking within websites by firing salvos of conflicting inputs, enabling the forging of trusted data, misrouting of tokens, and masking of backdoors. Witness demonstrations of these exploits across high-profile websites and a popular authentication framework. Presented by James Kettle, this talk challenges conventional understanding of web race conditions and reveals their true power in compromising web security.
Syllabus
Smashing the State Machine: The True Potential of Web Race Conditions
Taught by
Black Hat