A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Bypassing Encryption by Attacking the Cryptosystem Perimeter - Trenton Ivey Cyphercon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Bypassing Encryption by Attacking the Cryptosystem Perimeter
Trenton Ivey
@trentonivey

Cyphercon 2016

In today’s world, everyone relies on cryptography to protect important data. When you purchase your morning coffee, something encrypts your credit cards before sending it off for processing. When you log into your work laptop and sign on to the network, the operating system uses cryptography to protect your password. When you log into your bank website, your browser encrypts the traffic sent over the internet. System administrators have long known that tools that use encryption (such as SSH) are much safer than tools that do not (such as telnet). Cryptographic attacks are often very difficult and require a large amount of time and resources. Fortunately for attackers, the safety that cryptography provides can lull users into a false sense of security. The power of modern cryptography protects clear text data by turning it into unreadable cipher text. Unfortunately for defenders, weaknesses at the perimeter of the cryptosystems used to protect data can often lead to compromise. This talk will demonstrate various attacks against the perimeter of cryptosystems. By the end of the talk you will see how malicious actors can steal credit cards by using malware on POS systems, steal passwords from applications by dumping system memory, backdoor cryptography tools, and use vulnerabilities in cryptography software to escalate privileges on a compromised system. This talk will also discuss ways that individuals and organizations can protect against these types of attacks. You do not need to be technically proficient to follow along with this talk. However, if you are a total nerd, do not worry; there will be plenty of demos chock-full of source code and low-level system concepts to keep your mind entertained.

Trenton Ivey has had the desire to understand how things work since early childhood. Hacking, programming, reverse engineering, and electronics quickly became some of his favorite topics of interest. Today, Trenton is a Principal Consultant on the Dell SecureWorks Red Team. As a seasoned penetration tester, Trenton is able to knowledgeably discuss the tactics and techniques that actually work in real world environments.

Back to Cyphercon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast