A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Thomas Hoffecker Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon? Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

Thomas Hoffecker Exploiting PKI for Fun & Profit or The Next Yellow Padlock Icon?
Derbycon 2011

Public Key Infrastructure (PKI) provides a large attack surface for the pentester. While attacking PKI directly may seem like a juicy target, using the information freely provided by PKI is of much more value than attempting to compromise well protected and monitored servers. This talk will demonstrate the information disclosure that is present in PKI implementations of large organizations in the private and public sector. It will explore the use of that information for purposes of social engineering, phishing, and network recon/profiling. Users have been groomed to accept anything that is signed or encrypted. Misusing the trust that users place in PKI is the new yellow padlock icon!

Back to Derbycon 2011 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast