Join us at hack.lu 2025 — Info & Registration
Duration: 30 min
Type: Talk
Speakers: William Robinet
Abstract
In this talk, I’ll present how I discovered a vulnerability common to various TLS/SSL cryptographic toolkits while considering giving a lightning talk at hack.lu last year …
Description
We’ll see how to craft ASN.1 messages and how it helps highlight issues in some CLI apps (OpenSSL as an example).
I’ll then show how this problem extends to other cryptographic toolkits and how one can exploit such issues in order to trap unsuspecting administrators.
We’ll walk through the different attack vectors I found.