Explore a unique perspective on TLS security in this 30-minute Black Hat conference talk. Delve into how features designed to enhance TLS performance can be exploited as attack vectors, particularly for Server-Side Request Forgery (SSRF). Discover a novel, cross-platform method of leveraging TLS to target internal services, moving beyond platform-specific vulnerabilities like SNI injection. Gain insights from Joshua Maddux's research on using TLS as an offensive tool rather than just a defensive measure. Access the full abstract and presentation materials to deepen your understanding of this innovative approach to cybersecurity.
Overview
Syllabus
When TLS Hacks You
Taught by
Black Hat
Related Courses
-
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)
-
Intro to Bug Bounty Hunting and Web Application Hacking
-
Piercing the Veil - Server Side Request Forgery Attacks on Internal Networks
-
SSRF vs Business Critical Applications
-
API-Induced SSRF - How Apple Pay Scattered Vulnerabilities Across the Web
-
What is Server-Side Request Forgery - SSRF?
