Thomas H. Ptacek

Reminder: the Black Hat USA 2018 CFP is open for the next 4 weeks. It’s easy to put together a CFP response. BH is the industry’s best known practical offensive security conference.

I’m working with 9 other crypto pros to review the Cryptography track.

Some greatest hits:

Black Hat 2009: Moxie Marlinspike introduces NUL prefix attacks on SSL X.509 certificate parsing. Link

Black Hat 2010: Nate Lawson does a comprehensive tutorial on actually exploiting remote timing attacks in software written in Java, C, and other languages. Link

Black Hat 2010: Elie Bursztein, with Gourdin, Rydstedt, and Boneh present “Bad Memories”, application layer crypto bypass attacks Link

Black Hat 2013: Angelo, Harris, and Gluck introduce the BREACH attack, the application-layer version of Thai Duong and Juliano Rizzo’s CRIME. Link

Black Hat 2013: Me and Alex Stamos broke conventional Diffie Hellman. You may remember our “cryptopotomus” talk.

Black Hat 2012: Me and Mike Tracy did Crypto For Pentesters, a modernization of Chris Eng’s Black Hat 2006 talk. This the precursor/inspiration for Cryptopals.

Black Hat 2014:, me, Alex, @spdevlin and @Sc00bzT did a Cryptopals + Decryptocat talk. Link

Black Hat 2014: Antoine Delignat-Lavaud from INRIA does Cookie-Cutter, Host Confusion, and Triple Handshake, all in one presentation. A criminally underrated talk. Link

Black Hat 2015: @esizkur’s carry propagation talk — breaking bignum libraries out from underneath crypto libraries. This is still a trendy bug class. Link

Black Hat 2015: @CipherLaw and @matthew_d_green spent an hour talking through what legally-mandated backdoors in encryption products might actually look like. Link

Black Hat 2015: Also a strong talk on the mechanics of actually exploiting timing channels in web applications. Link

Black Hat 2016: @davidcadrian presents DROWN, the all-time greatest TLS crypto attack. Link

Black Hat 2016: Tom Van Goethem and Mathy Vanhoef’s HEIST attack, which cleverly exploits TCP window sizes to infer response lengths and weaponize CRIME/BREACH. Link

Black Hat 2016: @spdevlin and @hanno demonstrate Joux’s “Forbidden Attack” on AES-GCM to break TLS, using that attack to serve their slides from a GCHQ web site. Link

Black Hat has upped its crypto game in the last 10 years.

Black Hat 2017: Conference favorite Elie Bursztein returns, this time with the taxidermied corpse of SHA-1 slung over his shoulder. Link

Black Hat 2017: Bursztein with Picod and Audebert break AES-encrypted USB devices. Link

Black Hat 2017: Alex Radocea presents a break in the crypto protocol for iCloud Keychain. Link

Black Hat 2017: @veorq broke mbedTLS and Go’s crypto library with a new technique, differential fuzzing, for testing crypto libraries. Link

Black Hat 2017: Yogesh Swami from Rambus/Cryptography Research presented attacks on SGX attestation. Link

Refinements on old attacks. Practical exploitation of crypto vulnerabilities against new targets. Tutorials. New research advances. Hardware attacks. We’re interested in all of it.

I’m just one dude speaking only for myself, but I think modern crypto attacks are underappreciated and poorly understood by pentesters and vulnerability researchers. You don’t have to have broken TLS or presented a new research result (though those are welcome); if you can just demonstrate using crypto attacks to break real world systems, you’ve got a great submission.

If you’re working on something involving breaking cryptography: here’s the CFP.