Not So Random

Recommendations

Info

3. Use captured initial password reset tokens and Untwister to obtain PRNG seed Not So Random
Exploitation Theory Target PRNG Obtain internal state from known output Output K1aQdFbhmQoj67Lbba9qzknk qhR5jXwz rrEahOjVbA7cK4ZwmG9KsERV NQ8WMq19 97sRz0OYI4CfE5JBrb3B9068 bXA02Mle mSNj01w16M7nb5o42NjDYcwU tcSyFwJd Use Known Password Reset Token Known Password Reset Token Known Password Reset Token Known Password Reset Token ???????????????????? Target Password Reset Token Not So Random
Page 1 and 2:
Not So Random Exploiting Unsafe Ran
Page 3 and 4:
Talk Overview 1. Theory: • Why?
Page 5 and 6:
Why do we need random numbers? •
Page 7 and 8:
Random numbers in Web Applications
Page 9 and 10:
Concept of Randomness • define: r
Page 11 and 12:
PRNG PRNG r = random.Random() Not S
Page 13 and 14:
PRNG 16768642083820545282 323536147
Page 15 and 16:
PRNG PRNG 16768642083820545282 3235
Page 17 and 18:
PRNG Seeds, States and Periods 1. S
Page 19 and 20:
PRNG Seeds and States Seed (/dev/ur
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
CSPRNG vs PRNG 1. Non-Deterministic
Page 33 and 34:
Language Examples Language Method P
Page 35 and 36:
Internals Glance public Random(int
Page 37 and 38:
Exploitation Theory • Want to obt
Page 39 and 40:
Exploitation Theory Target PRNG Out
Page 41 and 42:
Exploitation Theory Target PRNG Out
Page 43 and 44:
Exploitation Theory Target PRNG Obt
Page 45 and 46:
Exploitation Theory Our PRNG Obtain
Page 47 and 48:
Untwister Brute Force Algorithm 101
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56: Untwister Brute Force Algorithm 101
Page 65 and 66: Demos 1. Brute Force • PHP mt_ran
Page 67 and 68: Overview - Brute Force 1. Generate
Page 73 and 74: Brute Force - Source class ResetPas
Page 75 and 76: PHP mt_rand()- Exploitation • Rec
Page 77 and 78: PHP mt_rand()- Exploitation • Tar
Page 79 and 80: PHP mt_rand()- Exploitation Theory
Page 81 and 82: PHP mt_rand() - Untwister uint32_t
Page 83 and 84: PHP mt_rand()- Exploitation root@ka
Page 85 and 86: PHP mt_rand()- Exploitation class R
Page 87 and 88: 5. Generate a number of tokens usin
Page 89 and 90: 6. Attempt tokens against applicati
Page 91 and 92: PHP mt_rand()- Exploitation “To r
Page 93 and 94: Demos 1. Brute Force • PHP mt_ran
Page 95 and 96: Overview - Brute Force Bounded Call
Page 101 and 102: Brute Force Bounded Call - Source c
Page 103 and 104: PHP mt_rand(0,61)- Exploitation •
Page 105: PHP mt_rand(0,61)- Exploitation •
Page 109 and 110: PHP mt_rand(0,61)- Decoder #!/usr/b
Page 111 and 112: PHP mt_rand(0,61)- Exploitation # p
Page 113 and 114: PHP Bounded mt_rand() Constructor
Page 115 and 116: PHP Bounded mt_rand() - Patched Unt
Page 117 and 118: PHP mt_rand(0,61)- Exploitation roo
Page 119 and 120: 4. Seed new PRNG with obtained seed
Page 121 and 122: PHP mt_rand(0,61)- Exploitation
Page 123 and 124: PHP mt_rand(0,61)- Exploitation # p
Page 125 and 126: PHP mt_rand(0,61)- Exploitation Not
Page 127 and 128: Exploitation Theory Our PRNG Obtain
Page 129 and 130: Overview - Weak Seeds 1. Generate a
Page 135 and 136: Weak Seeds - Source public class Re
Page 137 and 138: .NET System.Random() Constructor
Page 139 and 140: .NET System.Random()- Exploitation
Page 143 and 144: Exploitation Theory Observed PRNG O
Page 145 and 146: System.Random() Constructor • .NE
Page 147 and 148: System.Random() Untwister Patch int
Page 157 and 158:
.NET System.Random()- Exploitation
Page 159 and 160:
5. Attempt tokens against applicati
Page 161 and 162:
Exploitation Theory Observed PRNG O
Page 163 and 164:
Practical Exploitation - Tips • L
Page 165 and 166:
Mitigations Need a truly random num
Page 167 and 168:
Developers, Developers, Developers
Page 169 and 170:
Links / Further Reading • https:/
show all

Not So Random

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?