The Beast Wins Again: Why TLS Keeps Failing to Protect HTTP

by Antoine Delignat-Lavaud
Sept. 23, 2017 | Black Hat | belen_caty | Pen Testing & Audits | http, tls

In the course of this talk, you will learn about the full capabilities of the "beastly" attacker that operates jointly at the transport and application levels, and how these capabilities can be exploited. You will also learn how to configure your HTTPS server to avoid being vulnerable to our virtual host confusion attacks, for which no simple universal fix exists. Lastly, I will try to disprove some misconceptions about TLS and privacy in the context of powerful network attackers.