Abstract

The topic entails the following
1. Intro- cryptography and pentester
2. Integrity check against CBC algos
3. Manipulating the IV
4. Privilege escalation via CBC bit flipping
5. Hash length extension attacks
6. Padding Oracle attack
7. Decrypting a CBC block with padbuster.

All the above mentioned attacks would be backed by a demo

The test beds that I'll be using are:
1. CryptOMG Vulnerable Web App
2. Mutillidae II

Speaker

Mihir Shah

How about this?

about.me/shahenshah

Timing

Starts at Saturday March 16 2019, 12:30 PM. The sessions runs for about 1 hour.

Resources