< NULLCON 2025 - GOA />

About the Speaker

William Robinet

< Talk Title />

Trapped by the CLI

< Talk Category />

Technical Speakers

< Talk Abstract />

In this talk, I'll present how I just discovered a vulnerability common to various TLS/SSL cryptographic toolkits by chance. I'll start by presenting my own ASN.1 templating tool, an almost pure Perl script that converts the output of the `asn1parse` OpenSSL CLI command into a textual description that can be used to reconstruct the original ASN.1 structure. We'll see how the tool works and how it helped highlight an issue in some OpenSSL CLI apps.

I'll then show how this problem extends to other cryptographic toolkits and how one can exploit such issues in order to trap unsuspecting administrators.
We'll walk through the different attack vectors I found.

https://github.com/wllm-rbnt/asn1template

< Speaker Bio />

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and open-source software on a daily basis for more than 25 years. Recently, he presented his ASN.1 templating tool at Pass the SALT 2023 in Lille. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.