Articles

Browser Exploit Against SSL/TLS (BEAST)

BEAST is an attack that exploits several weaknesses within Transport Layer Security (TLS) 1.0 and older SSL protocols when using a CBC-mode cipher. The flaw is not strictly within the Transport Layer Security protocol itself, but is instead a known issue with Cipher Block Chaining (CBC). Although fixed in TLSv1.1. ...

Compression Ration Info-leak Made Easy (CRIME)

Compression Ration Info-leak Made Easy (CRIME) is a vulnerability in the compression used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS). It also affects Google’s HTTP-like protocol SPDY. It requires an attacker to perform an interception attack but if successful could allow for the decryption of session tokens ...

Decrypting RSA with Obsolete and Weakened Encryption (DROWN)

Decrypting RSA with Obsolete and Weakened Encryption (DROWN) is a vulnerability in servers that support Secure Sockets Layer (SSL) version 2.0. It is a form of cross-platform Bleichenbacher padding oracle attack and would allow a threat actor that is able to perform an interception attack to decrypt intercepted TLS connections by making ...

TLS/SSL Vulnerabilities

Look, there’s a whole bunch of vulnerabilities in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) and it can be difficult to keep up with them all, even if they have fancy names and logos! So here’s a quick summary of each for you:

Return of Bleichenbacher’s Oracle Threat (ROBOT)

Return of Bleichenbacher’s Oracle Threat (ROBOT) is a padding oracle vulnerability that allows a threat actor to illegitimately perform RSA decryption and signing operations with the private key of a TLS server. The attack would allow an attacker to intercept communications and later decrypt them. For devices that are affected by this ...

Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH)

Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext (BREACH) is a vulnerability similar in nature to CRIME, but where CRIME affected TLS/SPDY compression, BREACH affects HTTP compression. Where an application supports HTTP compression, reflects user-input within response bodies, and includes confidential information in that body – such as a ...

RC4 NOMORE

An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an ...

Factoring RSA Export Keys (FREAK)

Factoring RSA Export Keys (FREAK) is an attack against “export ciphers suites” which are cipher suites that have intentionally limited security due to prior regulation within the United States. This regulation placed restrictions on the strength of encryption algorithms used in software for exportation. This attack was demonstrated in 2015 ...

Your Vulnerability Management Sucks

On March 16th I had the pleasure of speaking at the Yorkshire Cyber Security Cluster about Vulnerability Management. I’ve included my slides from the presentation and some speaker notes on the content covered here: In this presentation, I attempt a tool-agnostic look into how organisations should approach vulnerability management. Whilst I definitely ...

3 / 13
Play Cover Track Title
Track Authors