The topic entails the following
1. Intro- cryptography and pentester
2. Integrity check against CBC algos
3. Manipulating the IV
4. Privilege escalation via CBC bit flipping
5. Hash length extension attacks
6. Padding Oracle attack
7. Decrypting a CBC block with padbuster.
All the above mentioned attacks would be backed by a demo
The test beds that I'll be using are:
1. CryptOMG Vulnerable Web App
2. Mutillidae II
Know more about me at
Starts at Saturday March 16 2019, 12:30 PM. The sessions runs for about 1 hour.