Категории

Three New Attacks Against JSON Web Tokens

Опубликовано: 21 Декабрь 2023
на канале: Black Hat
6,262
199

JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of unnecessary complexity. These have arguably led to severe vulnerabilities such as the well-known "alg":"none" attack....

By: Tom Tervoort

Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefi...

play_arrow
4,711
106

Freddie Dredd - Endless Sea (speed up)

Freddie Dredd - Endless Sea (speed up)
play_arrow
109,230
2.2 тыс

How To Build A Gaming PC 2023! Budget Build with AMD RX 6600!

How To Build A Gaming PC 2023! Budget Build with AMD RX 6600!
play_arrow
68
2

The Cycle: Frontier | Официальный трейлер 2022

The Cycle: Frontier | Официальный трейлер 2022
play_arrow
26
3

Приколы на дороге! 2018ГАИ Авто приколы! Подборка приколов на дороге! Д

Приколы на дороге! 2018ГАИ Авто приколы! Подборка приколов на дороге! Д
play_arrow
32
1

диалог

диалог "Россия и Франция сегодня" В1/ В2
play_arrow
2,801
220

🐇🕳️

🐇🕳️"This is NOT my dimension!" - (Possible Dimensional Switch)...DTRH Ep. 72
play_arrow
14,355
1.3 тыс

airforce 2023 expected cutoff by mayanksir

airforce 2023 expected cutoff by mayanksir

play_arrow
17,828
317

РАВШАН С ПАЦАНАМИ СОБРАЛИСЬ ДЛЯ ИГРЫ В ПЕЙНТБОЛ! | СТАЯ ПРОТИВ КОМАНДЫ ГУАКАМОЛЕ

РАВШАН С ПАЦАНАМИ СОБРАЛИСЬ ДЛЯ ИГРЫ В ПЕЙНТБОЛ! | СТАЯ ПРОТИВ КОМАНДЫ ГУАКАМОЛЕ
Похожие видео
play_arrow
Keynote - Securing Our Cyberspace Together

Keynote - Securing Our Cyberspace Together
play_arrow
Fireside Chat: Jeff Moss and Ruimin He

Fireside Chat: Jeff Moss and Ruimin He
play_arrow
LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
play_arrow
Emerging Frontiers: Insights from the Black Hat Asia Review Board

Emerging Frontiers: Insights from the Black Hat Asia Review Board
play_arrow
What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
play_arrow
The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition
play_arrow
Privacy Detective: Sniffing Out Your Data Leaks for Android

Privacy Detective: Sniffing Out Your Data Leaks for Android
play_arrow
Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs
play_arrow
The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms
play_arrow
One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks

One Flip is All It Takes: Identifying Syscall-Guard Variables for Data-Only Attacks
play_arrow
Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments

Faults in Our Bus: Novel Bus Fault Attack to Break Trusted Execution Environments
play_arrow
You Shall Not PASS - Analysing a NSO iOS Spyware Sample

You Shall Not PASS - Analysing a NSO iOS Spyware Sample