SlideShare a Scribd company logo

Practically DROWNing

Tim N
Tim N

Drown Attack Presentation Ruxmon Melbroune RMIT 29/3/2016

Internet
1 of 19
Download to read offline
Practical DROWNing Putting a well known, highly computationally heavy crypto attack into practice in real time. Where What Who Ruxmon Melbourne Practical DROWNing Tim Noise
tIMNOISE • twitter/dnoiz1 • github/dnoiz1 • mIRC/dnz • streetz/notorious D N Z • tim@drkns.net Blackhat sell out and V.I.L.E henchman
SECURESOCKETLAYER • Sucked so bad v1 was never used Emphasis on the first S - SSL • v2 was released in 1995 • It sucked so bad, v3 was released in 1996 • It sucked so bad TLS replaced it in 1998 • In 2016 we remembered v2 sucked and disabled it again • We went back to SSLv2 in 2014
TransportLAYERSECURITYTurns out SSL was not good • TLS 1.0 released in 99 - allows for downgrade to SSL (thx) • TLS 1.1 released in 2006 - Fixes CBC, introduces explicit IV • TLS 1.2 released in 2008 • 2011 TLS1.2 removes downgrade, particularly to SSLv2
BasicHandshakesWere not blood-stacking just yet
ProtocolIMPLENTATIONSIts actually people who make code
RECENT-ISHATTACKS • BEAST • CRIME • BREACH • POODLE • Logjam • Heart bleed • Cache bleed • DROWN Are we bored with codenames, logos and fancy websites yet?
NoteworthyCVEsOftheDAY • CVE-2016-0800 / DROWN • CVE-2016-0705 / Double Free in DSA • CVE-2016-0798 / Memory Leak • CVE-2016-0797 / Null Pointer deref/Heap corruption • CVE-2016-0799 / Format String memory issues • CVE-2016-0702 / Side Channel Attack • CVE-2016-0703 / Divide and Conquer Key Recovery • CVE-2016-0704 / Bleichenbacher oracle in SSLv2 Not all DROWN related, OpenSSL bugs with the same day 0
DROWNCVE-2016-0800 • Downgrade to SSLv2 • Bleichenbacher padding oracle (CVE-2016-0704) • Available to any port or service that can negotiate SSLv2 • Compounded with CVE-2015-3197 to select disabled ciphers Decrypting RSA with Obsolete and Weakened eNcryption
VendorRESPONSE • 0day was March 1, 2016 • Reported from upstream on February 22, 2016 • Immediately treated as High Touch • Patches to OpenSSL were committed 
 to git on 18th & 20th of February • Other libraries followed shortly after • RPMs published 0day along with RHSA Cold sweats and beating day 0
HOWtoDROWNBetter than Bondi Rescue
HOWtoDROWN • Attacker collects TLS RSA Key Exchange messages • Intercept cipher text containing 48 byte premaster secret to PKCS#1 v1.5 encoded messages of length to SSLv2 oracle • Perform the Bleichenbacher oracle • Transform the data back into plain text Better than Bondi Rescue
DifficultyDROWNing • Computational work for standard drown is 2^50 • requires observing 1000 TLS handshake • requires performing 40,000 negations • Under 8 hours and $440 using AWS EC2 Compute nodes Spin up all the CUDA cores
DOYOUCARE? • Initial estimate at 11.5m (33% of scanned) of HTTPS server • Special DROWN 79% of the 11.5m • Key reuse allows multiple servers to expose each other (SMTP/IPMI/HTTPS etc) Makes your KPIs look good and your CISO can sleep at night
SPECIALDROWN • Special extra clear oracle • Requires only 1/2 the number of connections • Enabled by CVE-2016-703 / Divide-and-conquer session key recovery • Can be calculated in real time (under 1min on a single core) • Before the initial Handshake times out, allowing MITM It only takes a toddler 30 seconds
TakeAWAY • Install patched packages! • Disable SSLv* • Disable Shitty Ciphers • Filter SSL negotiations on the network Stuff to do when you get home • Test for weak ciphers • Test for SSL negotiation • Test for Key Reuse • Do more than test! MITM and Decrypt things Defenders Attackers
QUESTIONS?
Practical DROWNing Putting a well known, highly computationally heavy crypto attack into practice in real time. Where What Who Ruxmon Melbourne Practical DROWNing Tim Noise
tIMNOISE • twitter/dnoiz1 • github/dnoiz1 • mIRC/dnz • streetz/notorious D N Z • tim@drkns.net Blackhat sell out and V.I.L.E henchman

Recommended

Git Money
Git MoneyGit Money
Git MoneyTim N
 
ifwt remote (sydney ruxmon edition)
ifwt remote (sydney ruxmon edition)ifwt remote (sydney ruxmon edition)
ifwt remote (sydney ruxmon edition)Tim N
 
Device inspection to remote root
Device inspection to remote rootDevice inspection to remote root
Device inspection to remote rootTim N
 
Unifi'd Ownage
Unifi'd OwnageUnifi'd Ownage
Unifi'd OwnageTim N
 
A Science Project: Swift Serial Chat
A Science Project: Swift Serial ChatA Science Project: Swift Serial Chat
A Science Project: Swift Serial Chatyeokm1
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_publicantitree
 
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...PROIDEA
 
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)inaz2
 

Recommended

Git Money
Git MoneyGit Money
Git MoneyTim N
 
ifwt remote (sydney ruxmon edition)
ifwt remote (sydney ruxmon edition)ifwt remote (sydney ruxmon edition)
ifwt remote (sydney ruxmon edition)Tim N
 
Device inspection to remote root
Device inspection to remote rootDevice inspection to remote root
Device inspection to remote rootTim N
 
Unifi'd Ownage
Unifi'd OwnageUnifi'd Ownage
Unifi'd OwnageTim N
 
A Science Project: Swift Serial Chat
A Science Project: Swift Serial ChatA Science Project: Swift Serial Chat
A Science Project: Swift Serial Chatyeokm1
 
Introduction to ethereum_public
Introduction to ethereum_publicIntroduction to ethereum_public
Introduction to ethereum_publicantitree
 
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...
PLNOG 21: Ron Broersma - Historical_Perspectives_on_Computing, Networking, Se...PROIDEA
 
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)Abusing Interrupts for Reliable Windows Kernel Exploitation (en)
Abusing Interrupts for Reliable Windows Kernel Exploitation (en)inaz2
 
OSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc NewlinOSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc NewlinEC-Council
 
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnieZoltan Balazs
 
Uncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditionsUncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditionsHeadLightSecurity
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web HackerHeadLightSecurity
 
Hacking Network APIs by Dan Nagle
Hacking Network APIs by Dan NagleHacking Network APIs by Dan Nagle
Hacking Network APIs by Dan NagleEC-Council
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
OpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deploymentsOpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deploymentsOpen Networking Summit
 
Oleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threatsOleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threatsDefcon Moscow
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecPacSecJP
 
Wiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbedWiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbedJinbuhm Kim
 
Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3Zia Ush Shamszaman
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108Linaro
 
Operating System fo IoT
Operating System fo IoTOperating System fo IoT
Operating System fo IoTPradeep Kumar TS
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devicesYashin Mehaboobe
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装inaz2
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jarsPacSecJP
 
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaSecrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaJumping Bean
 
Отчет. приложение 2.
Отчет. приложение 2.Отчет. приложение 2.
Отчет. приложение 2.Софья Митрошина
 
Catalogo Inspiraflor
Catalogo InspiraflorCatalogo Inspiraflor
Catalogo InspiraflorInspiraflor
 

More Related Content

What's hot

OSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc NewlinOSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc NewlinEC-Council
 
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnieZoltan Balazs
 
Uncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditionsUncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditionsHeadLightSecurity
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web HackerHeadLightSecurity
 
Hacking Network APIs by Dan Nagle
Hacking Network APIs by Dan NagleHacking Network APIs by Dan Nagle
Hacking Network APIs by Dan NagleEC-Council
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon emailantitree
 
OpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deploymentsOpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deploymentsOpen Networking Summit
 
Oleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threatsOleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threatsDefcon Moscow
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecPacSecJP
 
Wiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbedWiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbedJinbuhm Kim
 
Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3Zia Ush Shamszaman
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108Linaro
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devicesYashin Mehaboobe
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionLevente Kurusa
 
HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装inaz2
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jarsPacSecJP
 
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaSecrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaJumping Bean
 

What's hot (20)

OSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc NewlinOSINT RF Reverse Engineering by Marc Newlin
OSINT RF Reverse Engineering by Marc Newlin
 
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
Defcon Moscow #0x0A - Oleg Kupreev "Uncommon MiTM in uncommon conditions"
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
 
Uncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditionsUncommon MiTM in uncommon conditions
Uncommon MiTM in uncommon conditions
 
Hacking routers as Web Hacker
Hacking routers as Web HackerHacking routers as Web Hacker
Hacking routers as Web Hacker
 
Hacking Network APIs by Dan Nagle
Hacking Network APIs by Dan NagleHacking Network APIs by Dan Nagle
Hacking Network APIs by Dan Nagle
 
Reinventing anon email
Reinventing anon emailReinventing anon email
Reinventing anon email
 
OpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deploymentsOpenCORD MiniSummit - Physical POD test and deployments
OpenCORD MiniSummit - Physical POD test and deployments
 
Oleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threatsOleg Kupreev - 802.11 tricks and threats
Oleg Kupreev - 802.11 tricks and threats
 
Solnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsecSolnik secure enclaveprocessor-pacsec
Solnik secure enclaveprocessor-pacsec
 
Wiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbedWiznet Ethernet library for ARM mbed
Wiznet Ethernet library for ARM mbed
 
Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3Hacking with Backtrack Lecture-3
Hacking with Backtrack Lecture-3
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)
 
BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108BSD Sockets API in Zephyr RTOS - SFO17-108
BSD Sockets API in Zephyr RTOS - SFO17-108
 
Operating System fo IoT
Operating System fo IoTOperating System fo IoT
Operating System fo IoT
 
Making and breaking security in embedded devices
Making and breaking security in embedded devicesMaking and breaking security in embedded devices
Making and breaking security in embedded devices
 
Hacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An IntroductionHacking the Linux Kernel - An Introduction
Hacking the Linux Kernel - An Introduction
 
HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装
 
Kasza smashing the_jars
Kasza smashing the_jarsKasza smashing the_jars
Kasza smashing the_jars
 
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South AfricaSecrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
Secrets of a linux ninja Software Freedom Day 2013 Johannesburg, South Africa
 

Viewers also liked

Catalogo Inspiraflor
Catalogo InspiraflorCatalogo Inspiraflor
Catalogo InspiraflorInspiraflor
 
медиаобразование
медиаобразованиемедиаобразование
медиаобразованиеOlga Shaporina
 
Benefits and struggles of Lean Game Development
Benefits and struggles of Lean Game DevelopmentBenefits and struggles of Lean Game Development
Benefits and struggles of Lean Game DevelopmentBitCake Studio
 
UX, ethnography and possibilities: for Libraries, Museums and Archives
UX, ethnography and possibilities: for Libraries, Museums and ArchivesUX, ethnography and possibilities: for Libraries, Museums and Archives
UX, ethnography and possibilities: for Libraries, Museums and ArchivesNed Potter
 
Designing Teams for Emerging Challenges
Designing Teams for Emerging ChallengesDesigning Teams for Emerging Challenges
Designing Teams for Emerging ChallengesAaron Irizarry
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with DataSeth Familian
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYDialogueScience
 
UX and How You Fit In
UX and How You Fit InUX and How You Fit In
UX and How You Fit InChuck Liu
 
Capability Statementl - PCM Group NT v1
Capability Statementl - PCM Group NT v1Capability Statementl - PCM Group NT v1
Capability Statementl - PCM Group NT v1aaronemmett
 
Nhs citizen research workshop tools, methods & process
Nhs citizen research workshop tools, methods & processNhs citizen research workshop tools, methods & process
Nhs citizen research workshop tools, methods & processNHSCitizen
 

Viewers also liked (16)

Отчет. приложение 2.
Отчет. приложение 2.Отчет. приложение 2.
Отчет. приложение 2.
 
Catalogo Inspiraflor
Catalogo InspiraflorCatalogo Inspiraflor
Catalogo Inspiraflor
 
медиаобразование
медиаобразованиемедиаобразование
медиаобразование
 
Benefits and struggles of Lean Game Development
Benefits and struggles of Lean Game DevelopmentBenefits and struggles of Lean Game Development
Benefits and struggles of Lean Game Development
 
La informacion
La informacionLa informacion
La informacion
 
UX, ethnography and possibilities: for Libraries, Museums and Archives
UX, ethnography and possibilities: for Libraries, Museums and ArchivesUX, ethnography and possibilities: for Libraries, Museums and Archives
UX, ethnography and possibilities: for Libraries, Museums and Archives
 
Designing Teams for Emerging Challenges
Designing Teams for Emerging ChallengesDesigning Teams for Emerging Challenges
Designing Teams for Emerging Challenges
 
Visual Design with Data
Visual Design with DataVisual Design with Data
Visual Design with Data
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITYSOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
SOMETHING INTANGIBLE, BUT REAL ABOUT CYBERSECURITY
 
Merchant kit
Merchant kitMerchant kit
Merchant kit
 
UX and How You Fit In
UX and How You Fit InUX and How You Fit In
UX and How You Fit In
 
Capability Statementl - PCM Group NT v1
Capability Statementl - PCM Group NT v1Capability Statementl - PCM Group NT v1
Capability Statementl - PCM Group NT v1
 
Portfolio
PortfolioPortfolio
Portfolio
 
Nhs citizen research workshop tools, methods & process
Nhs citizen research workshop tools, methods & processNhs citizen research workshop tools, methods & process
Nhs citizen research workshop tools, methods & process
 

Similar to Practically DROWNing

Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityMiguel Pardal
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)Gabriella Davis
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHShmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHAndrew Morris
 
curl and TLS #MeraKrypto
curl and TLS #MeraKryptocurl and TLS #MeraKrypto
curl and TLS #MeraKryptoDaniel Stenberg
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Nick Sullivan
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Cloudflare
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardAndrew Denner
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOHAPNIC
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 
I just want to publish my services 🙀
I just want to publish my services 🙀I just want to publish my services 🙀
I just want to publish my services 🙀Sergio Matone
 
Recover A RSA Private key from a TLS session with perfect forward secrecy
Recover A RSA Private key from a TLS session with perfect forward secrecyRecover A RSA Private key from a TLS session with perfect forward secrecy
Recover A RSA Private key from a TLS session with perfect forward secrecyPriyanka Aash
 
DaoliNet: Lightweight and Simple Networking for Docker
DaoliNet: Lightweight and Simple Networking for DockerDaoliNet: Lightweight and Simple Networking for Docker
DaoliNet: Lightweight and Simple Networking for Dockerdaolinetppt
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Cloudflare
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleCumulus Networks
 
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 VittalNetwork Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 VittalThe Linux Foundation
 
Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Alec Muffett
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamNick Sullivan
 

Similar to Practically DROWNing (20)

Vulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer SecurityVulnerability-tolerant Transport Layer Security
Vulnerability-tolerant Transport Layer Security
 
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6labION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
ION Bangladesh - DANE, DNSSEC, and TLS Testing in the Go6lab
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementations
 
Shmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSHShmoocon Epilogue 2013 - Ruining security models with SSH
Shmoocon Epilogue 2013 - Ruining security models with SSH
 
curl and TLS #MeraKrypto
curl and TLS #MeraKryptocurl and TLS #MeraKrypto
curl and TLS #MeraKrypto
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3Heartache and Heartbleed - 31c3
Heartache and Heartbleed - 31c3
 
Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)Why Many Websites are still Insecure (and How to Fix Them)
Why Many Websites are still Insecure (and How to Fix Them)
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOH
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
 
I just want to publish my services 🙀
I just want to publish my services 🙀I just want to publish my services 🙀
I just want to publish my services 🙀
 
Recover A RSA Private key from a TLS session with perfect forward secrecy
Recover A RSA Private key from a TLS session with perfect forward secrecyRecover A RSA Private key from a TLS session with perfect forward secrecy
Recover A RSA Private key from a TLS session with perfect forward secrecy
 
DaoliNet: Lightweight and Simple Networking for Docker
DaoliNet: Lightweight and Simple Networking for DockerDaoliNet: Lightweight and Simple Networking for Docker
DaoliNet: Lightweight and Simple Networking for Docker
 
Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014Sullivan heartbleed-defcon22 2014
Sullivan heartbleed-defcon22 2014
 
Dreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scaleDreamhost deploying dreamcompute at scale
Dreamhost deploying dreamcompute at scale
 
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 VittalNetwork Multitenancy in Xen-Based Clouds-XPUS13 Vittal
Network Multitenancy in Xen-Based Clouds-XPUS13 Vittal
 
Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5
 
Bringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the MainstreamBringing Elliptic Curve Cryptography into the Mainstream
Bringing Elliptic Curve Cryptography into the Mainstream
 

Recently uploaded

Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 

Recently uploaded (20)

Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 

Practically DROWNing

  • 1. Practical DROWNing Putting a well known, highly computationally heavy crypto attack into practice in real time. Where What Who Ruxmon Melbourne Practical DROWNing Tim Noise
  • 2. tIMNOISE • twitter/dnoiz1 • github/dnoiz1 • mIRC/dnz • streetz/notorious D N Z • tim@drkns.net Blackhat sell out and V.I.L.E henchman
  • 3. SECURESOCKETLAYER • Sucked so bad v1 was never used Emphasis on the first S - SSL • v2 was released in 1995 • It sucked so bad, v3 was released in 1996 • It sucked so bad TLS replaced it in 1998 • In 2016 we remembered v2 sucked and disabled it again • We went back to SSLv2 in 2014
  • 4. TransportLAYERSECURITYTurns out SSL was not good • TLS 1.0 released in 99 - allows for downgrade to SSL (thx) • TLS 1.1 released in 2006 - Fixes CBC, introduces explicit IV • TLS 1.2 released in 2008 • 2011 TLS1.2 removes downgrade, particularly to SSLv2
  • 7. RECENT-ISHATTACKS • BEAST • CRIME • BREACH • POODLE • Logjam • Heart bleed • Cache bleed • DROWN Are we bored with codenames, logos and fancy websites yet?
  • 8. NoteworthyCVEsOftheDAY • CVE-2016-0800 / DROWN • CVE-2016-0705 / Double Free in DSA • CVE-2016-0798 / Memory Leak • CVE-2016-0797 / Null Pointer deref/Heap corruption • CVE-2016-0799 / Format String memory issues • CVE-2016-0702 / Side Channel Attack • CVE-2016-0703 / Divide and Conquer Key Recovery • CVE-2016-0704 / Bleichenbacher oracle in SSLv2 Not all DROWN related, OpenSSL bugs with the same day 0
  • 9. DROWNCVE-2016-0800 • Downgrade to SSLv2 • Bleichenbacher padding oracle (CVE-2016-0704) • Available to any port or service that can negotiate SSLv2 • Compounded with CVE-2015-3197 to select disabled ciphers Decrypting RSA with Obsolete and Weakened eNcryption
  • 10. VendorRESPONSE • 0day was March 1, 2016 • Reported from upstream on February 22, 2016 • Immediately treated as High Touch • Patches to OpenSSL were committed 
 to git on 18th & 20th of February • Other libraries followed shortly after • RPMs published 0day along with RHSA Cold sweats and beating day 0
  • 12. HOWtoDROWN • Attacker collects TLS RSA Key Exchange messages • Intercept cipher text containing 48 byte premaster secret to PKCS#1 v1.5 encoded messages of length to SSLv2 oracle • Perform the Bleichenbacher oracle • Transform the data back into plain text Better than Bondi Rescue
  • 13. DifficultyDROWNing • Computational work for standard drown is 2^50 • requires observing 1000 TLS handshake • requires performing 40,000 negations • Under 8 hours and $440 using AWS EC2 Compute nodes Spin up all the CUDA cores
  • 14. DOYOUCARE? • Initial estimate at 11.5m (33% of scanned) of HTTPS server • Special DROWN 79% of the 11.5m • Key reuse allows multiple servers to expose each other (SMTP/IPMI/HTTPS etc) Makes your KPIs look good and your CISO can sleep at night
  • 15. SPECIALDROWN • Special extra clear oracle • Requires only 1/2 the number of connections • Enabled by CVE-2016-703 / Divide-and-conquer session key recovery • Can be calculated in real time (under 1min on a single core) • Before the initial Handshake times out, allowing MITM It only takes a toddler 30 seconds
  • 16. TakeAWAY • Install patched packages! • Disable SSLv* • Disable Shitty Ciphers • Filter SSL negotiations on the network Stuff to do when you get home • Test for weak ciphers • Test for SSL negotiation • Test for Key Reuse • Do more than test! MITM and Decrypt things Defenders Attackers
  • 18. Practical DROWNing Putting a well known, highly computationally heavy crypto attack into practice in real time. Where What Who Ruxmon Melbourne Practical DROWNing Tim Noise
  • 19. tIMNOISE • twitter/dnoiz1 • github/dnoiz1 • mIRC/dnz • streetz/notorious D N Z • tim@drkns.net Blackhat sell out and V.I.L.E henchman