Conference:  Defcon 31

Authors: Dan "AltF4" Petro Senior Security Engineer, Bishop Fox, David Vargas Senior Security Consultant, Bishop Fox

2023-08-01

Breaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice and there's a new sheriff in town: The encrypted protocol OSDP which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks right? ... right? In this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general "WTF"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks, to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities. Get your orange vest and carry a ladder, because we're going onsite!

Conference:  Black Hat Asia 2023

Authors: Paul Gerste

2023-05-11

Privacy-oriented webmail providers like Proton Mail, Tutanota, and Skiff, offer an easy way to secure communications. Even non-technical people can send end-to-end encrypted emails, which is especially useful for high-risk users such as journalists, whistleblowers, and political activists, but also privacy-seeking internauts. End-to-end encryption becomes irrelevant when there are vulnerabilities in the client. That's why we had a closer look and found critical vulnerabilities in ProtonMail, Tutanota, and Skiff that could have been used to steal emails, impersonate victims, and in one case even execute code remotely!This talk presents the technical details of these vulnerabilities. We will use three case studies to show how we found and exploited serious flaws with unconventional methods. Come and see an adventure about mXSS, parser differentials, and modern CSS coming to the rescue during exploitation.Warning: may contain exploit demos and traces of popped calcs!

Conference:  Global AppSec Dublin 2023

Authors: Dan Murphy, Frank Catucci

2023-02-16

The presentation discusses a vulnerability in OpenSSL 3.0 that requires a specific set of circumstances to exploit, limiting its impact. The speaker emphasizes the importance of exploring and testing vulnerabilities to determine their actual risk.

• The vulnerability requires a valid client certificate and occurs during the certificate handshake process
• The affected code is a narrow window in OpenSSL 3.0, limiting the number of potential targets
• The exploit requires a specific alignment of memory, making it difficult to execute
• The speaker encourages a spirit of exploration and experimentation to determine the actual risk of vulnerabilities

Conference:  Global AppSec Dublin 2023

Authors: Chuck Willis

2023-02-16

The presentation discusses various techniques for encrypting data in databases, including deterministic encryption, searchable encryption, and homomorphic encryption.

• Deterministic encryption allows for searches on equality while keeping data encrypted
• Searchable encryption allows for searching for keywords in encrypted documents by encrypting the keywords and storing them in a database
• Homomorphic encryption allows for performing operations on encrypted data in a way that is equivalent to performing the operations before encryption
• Each technique has its limitations and trade-offs
• Maintaining an index of keyword frequency can improve the security of searchable encryption

Conference:  Global AppSec San Francisco 2022

Authors: Niclas Kjellin

2022-11-18

A little trust goes a long way, or so they say. The fundamentals of any resilient network, be it human or digital, starts with trust, where entities can authenticate themselves and others and communicate securely.Traditionally, a digital network uses the X.509 certificate standard and application-specific solutions to build trust and secure communication. Dime (Data Integrity Message Envelope) is an alternative open data format used to build trust and share data securely within networks of any size and shape. Dime envelopes contain encoded information, including verifiable claims by the sending party and application-specific data. In addition, using digital signatures and end-to-end encryption ensures that data cannot be altered or read by unauthorized parties. Some of the covered topics:- Trust-based networks – public key-based authentication to provide trust between entities- Message wrapping – end-to-end encryption to securely deliver data- Cryptographic linking – link items cryptographically for proof-building- Signature tags – to prove reception, processing, or verification of an itemAlthough there is no need to have deep secure engineering knowledge to get going with Dime, this talk aims to go through the underlying concepts, which will help to avoid common pitfalls and enable you to build more secure applications. The presentation uses real code examples to support and explain each concept further. Human readability and ease of use are at the heart of Dime, drawing on ideas from other formats such as JWT, PASETO, and Branco.As many use cases exist, including IoT, instant messaging, and banking apps, Dime may be crucial to your plans to take over the world (with your subsequent app success). At the very least, it will work through and strengthen your (digital) trust issues.