Critical Thinking - Bug Bounty Podcast Episode 85: Practical Applications of DEFCON 32 Web Research
Aug 22, 2024
In this discussion, security researcher Orange Tsai dives into web application vulnerabilities uncovered at DEFCON 32. He shares insights on innovative timing attacks and cache exploitation techniques. The conversation shifts to the practicalities of parsing email addresses, highlighting SMTP injection risks. Tsai also addresses the relevance of legacy protocols and their modern exploits. Lively anecdotes about DEFCON and unique collectibles add a light-hearted touch, making complex topics more engaging.
AI Snips
Chapters
Transcript
Episode notes
Space Raccoon Pillow Story
- Justin shares a story about winning a Space Raccoon pillow at a wedding trivia competition. - It highlights his excitement and connection to the hacker community.
Dual Packet Sync in Timing Attacks
- James Kettle's research made web timing attacks more practical with dual packet sync. - Timing differences as small as 0.2 milliseconds can be exploited to gain information.
Use Lower Quartile for Timing
- Use the lower quartile of response times for timing attacks to reduce noise from server load spikes. - This approach improves accuracy by focusing on the fastest, most consistent responses.