Cracking the Crypto null Bangalore Meet 16 March 2019 Combined monthly Null/G4H/OWASP meet
Abstract
The topic entails the following
1. Intro- cryptography and pentester
2. Integrity check against CBC algos
3. Manipulating the IV
4. Privilege escalation via CBC bit flipping
5. Hash length extension attacks
6. Padding Oracle attack
7. Decrypting a CBC block with padbuster.All the above mentioned attacks would be backed by a demo
The test beds that I'll be using are:
1. CryptOMG Vulnerable Web App
2. Mutillidae II
Speaker
Timing
Starts at Saturday March 16 2019, 12:30 PM. The sessions runs for about 1 hour.