SANS Webcast: Time is on your side username harvesting via timing attacks
Learn Web App Pen Testing: www.sans.org/sec542
Presented by: Eric Conrad
You are faced with a seemingly well-designed authentication form: it returns the same error for good username/bad password and bad username/bad password, and it also uses a slow hash algorithm such as bcrypt. Username guessing should be impossible, and password cracking impractical. Many penetration testers will move on: what do you do?
This webcast will describe a practical approach for using timing attacks to harvest valid usernames, including a live demo using Burp Suite.
Видео SANS Webcast: Time is on your side username harvesting via timing attacks канала SANS Offensive Operations
Presented by: Eric Conrad
You are faced with a seemingly well-designed authentication form: it returns the same error for good username/bad password and bad username/bad password, and it also uses a slow hash algorithm such as bcrypt. Username guessing should be impossible, and password cracking impractical. Many penetration testers will move on: what do you do?
This webcast will describe a practical approach for using timing attacks to harvest valid usernames, including a live demo using Burp Suite.
Видео SANS Webcast: Time is on your side username harvesting via timing attacks канала SANS Offensive Operations
Комментарии отсутствуют
Информация о видео
11 августа 2016 г. 1:50:52
00:56:51
Другие видео канала
Keynote | Attacking Intelligence: Attacking and Defending AI on The Edge
Gone in 66 Techniques – How MITRE ATT&CK® Evaluations Round #3 United Us as a (Purple) Team
I’ve Got a Golden Twinkle in My Eye
Don't Fear the Zero: A Test-driven Approach to Analytic Development | PurpleTeam Summit 2021
Building Compelling Cyber Challenges and Range Scenarios - SANS HackFest & Ranges Summit 2020
SANS Webcast: Maximizing Your Existing Toolset… I Got 99 Tools, but Time Ain't One
A Month of PowerShell – Kickoff Webcast!
SANS Webcast: Everything I Didn’t Learn in School
Where the *$&% is my Identity? w/ Chris Edmundson - SANS HackFest & Ranges Summit 2020
Micro Emulation Plans: Making Adversary Emulation Accessible
SANS Pen Test 2024: A Sneak Peek Into All That's in Store!
SANS Webcast: Beyond Scanning Delivering Impact Driven Vulnerability Assessments
Crafting Adversarial Detections at Scale in Google Cloud Platform
Introducing SANS Offensive Operations | Stephen Sims | SANS Institute
SANS Hackfest 2021 (Nov 15-16)
SANS Pen Test - How To's: Install & Configure Android Emulator
Where's the Money: Defeating ATM Disk Encryption
SANS Pen Test Webcast: Easier Web App Pen Testing by Leveraging Plugins and Extensions
Intro to WinDbg Part 2: Back to the Future Using TTD
Pen Testing Smart Contracts to Stop The Next Poly Network Hack
Tactical MiTM for Attack and Defense
