Abstract

The topic entails the following
1. Intro- cryptography and pentester
2. Integrity check against CBC algos
3. Manipulating the IV
4. Privilege escalation via CBC bit flipping
5. Hash length extension attacks
6. Padding Oracle attack
7. Decrypting a CBC block with padbuster.

All the above mentioned attacks would be backed by a demo

The test beds that I'll be using are:
1. CryptOMG Vulnerable Web App
2. Mutillidae II

Speaker

Mihir Shah

Know more about me at

https://about.me/shahenshah

Timing

Starts at Saturday March 16 2019, 12:30 PM. The sessions runs for about 1 hour.

Resources