- Page 1 and 2: Not So Random Exploiting Unsafe Ran
- Page 3 and 4: Talk Overview 1. Theory: • Why?
- Page 5 and 6: Why do we need random numbers? •
- Page 7 and 8: Random numbers in Web Applications
- Page 9 and 10: Concept of Randomness • define: r
- Page 11 and 12: PRNG PRNG r = random.Random() Not S
- Page 13 and 14: PRNG 16768642083820545282 323536147
- Page 15 and 16: PRNG PRNG 16768642083820545282 3235
- Page 17 and 18: PRNG Seeds, States and Periods 1. S
- Page 19 and 20: PRNG Seeds and States Seed (/dev/ur
- Page 21 and 22: PRNG Seeds and States Seed (/dev/ur
- Page 23 and 24: PRNG Seeds and States Seed (/dev/ur
- Page 25 and 26: PRNG Seeds and States Seed (/dev/ur
- Page 27 and 28: PRNG Seeds and States Seed (/dev/ur
- Page 29 and 30: PRNG Seeds and States Seed (/dev/ur
- Page 31 and 32: CSPRNG vs PRNG 1. Non-Deterministic
- Page 33 and 34: Language Examples Language Method P
- Page 35 and 36: Internals Glance public Random(int
- Page 37 and 38: Exploitation Theory • Want to obt
- Page 39 and 40: Exploitation Theory Target PRNG Out
- Page 41 and 42: Exploitation Theory Target PRNG Out
- Page 43 and 44: Exploitation Theory Target PRNG Obt
- Page 45 and 46: Exploitation Theory Our PRNG Obtain
- Page 47 and 48: Untwister Brute Force Algorithm 101
- Page 49: Untwister Brute Force Algorithm 101
- Page 53 and 54: Untwister Brute Force Algorithm 101
- Page 55 and 56: Untwister Brute Force Algorithm 101
- Page 57 and 58: Untwister Brute Force Algorithm 101
- Page 59 and 60: Untwister Brute Force Algorithm 101
- Page 61 and 62: Untwister Brute Force Algorithm 101
- Page 63 and 64: Untwister Brute Force Algorithm 101
- Page 65 and 66: Demos 1. Brute Force • PHP mt_ran
- Page 67 and 68: Overview - Brute Force 1. Generate
- Page 69 and 70: Overview - Brute Force 1. Generate
- Page 71 and 72: Overview - Brute Force 1. Generate
- Page 73 and 74: Brute Force - Source class ResetPas
- Page 75 and 76: PHP mt_rand()- Exploitation • Rec
- Page 77 and 78: PHP mt_rand()- Exploitation • Tar
- Page 79 and 80: PHP mt_rand()- Exploitation Theory
- Page 81 and 82: PHP mt_rand() - Untwister uint32_t
- Page 83 and 84: PHP mt_rand()- Exploitation root@ka
- Page 85 and 86: PHP mt_rand()- Exploitation class R
- Page 87 and 88: 5. Generate a number of tokens usin
- Page 89 and 90: 6. Attempt tokens against applicati
- Page 91 and 92: PHP mt_rand()- Exploitation “To r
- Page 93 and 94: Demos 1. Brute Force • PHP mt_ran
- Page 95 and 96: Overview - Brute Force Bounded Call
- Page 97 and 98: Overview - Brute Force Bounded Call
- Page 99 and 100: Overview - Brute Force Bounded Call
- Page 101 and 102:
Brute Force Bounded Call - Source c
- Page 103 and 104:
PHP mt_rand(0,61)- Exploitation •
- Page 105 and 106:
PHP mt_rand(0,61)- Exploitation •
- Page 107 and 108:
Exploitation Theory Target PRNG Obt
- Page 109 and 110:
PHP mt_rand(0,61)- Decoder #!/usr/b
- Page 111 and 112:
PHP mt_rand(0,61)- Exploitation # p
- Page 113 and 114:
PHP Bounded mt_rand() Constructor
- Page 115 and 116:
PHP Bounded mt_rand() - Patched Unt
- Page 117 and 118:
PHP mt_rand(0,61)- Exploitation roo
- Page 119 and 120:
4. Seed new PRNG with obtained seed
- Page 121 and 122:
PHP mt_rand(0,61)- Exploitation
- Page 123 and 124:
PHP mt_rand(0,61)- Exploitation # p
- Page 125 and 126:
PHP mt_rand(0,61)- Exploitation Not
- Page 127 and 128:
Exploitation Theory Our PRNG Obtain
- Page 129 and 130:
Overview - Weak Seeds 1. Generate a
- Page 131 and 132:
Overview - Weak Seeds 1. Generate a
- Page 133 and 134:
Overview - Weak Seeds 1. Generate a
- Page 135 and 136:
Weak Seeds - Source public class Re
- Page 137 and 138:
.NET System.Random() Constructor
- Page 139 and 140:
.NET System.Random()- Exploitation
- Page 141 and 142:
.NET System.Random()- Exploitation
- Page 143 and 144:
Exploitation Theory Observed PRNG O
- Page 145 and 146:
System.Random() Constructor • .NE
- Page 147 and 148:
System.Random() Untwister Patch int
- Page 149 and 150:
.NET System.Random()- Exploitation
- Page 151 and 152:
.NET System.Random()- Exploitation
- Page 153 and 154:
.NET System.Random()- Exploitation
- Page 155 and 156:
.NET System.Random()- Exploitation
- Page 157 and 158:
.NET System.Random()- Exploitation
- Page 159 and 160:
5. Attempt tokens against applicati
- Page 161 and 162:
Exploitation Theory Observed PRNG O
- Page 163 and 164:
Practical Exploitation - Tips • L
- Page 165 and 166:
Mitigations Need a truly random num
- Page 167 and 168:
Developers, Developers, Developers
- Page 169 and 170:
Links / Further Reading • https:/