The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility @BlackHatOfficialYT

Black Hat | The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility @BlackHatOfficialYT | Uploaded 6 months ago | Updated 1 hour ago
...How do you go about fully understanding what cryptography you have, how it is used and if it's good or bad? This was the question we started to ask ourselves and set about trying to answer using static analysis tools such as GitHub's CodeQL.

Given how we all rely heavily on open-source projects, we set about scanning the top 1000 GitHub open-source projects to identify insecure cryptographic algorithms. We used GitHub's CodeQL multi-repository variant analysis to build a cryptographic bill of materials (CBOM) for each project. The CBOM will list all of the cryptographic algorithms that are used in the project, as well as their security status, and more importantly, help us identify all of the places where insecure cryptographic algorithms are used in the projects....

By: Mark Carney , Daniel Cuthbert , Niroshan Rajadurai , Benjamin Rodes

Full Abstract and Presentation Materials:
blackhat.com/eu-23/briefings/schedule/#the-magnetic-pull-of-mutable-protection-worked-examples-in-cryptographic-agility-36030

Smashing the State Machine: The True Potential of Web Race Conditions

Hacking Your Documentation: Who Should WTFM?

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM 0-Day Vulnerability

Making and Breaking NSAs Codebreaker Challenge

Evading Logging in the Cloud: Bypassing AWS CloudTrail

Debug7: Leveraging a Firmware Modification Attack for Remote Debugging of Siemens S7 PLCs

Magicdot: A Hackers Magic Show of Disappearing Dots and Spaces

Illegitimate Data Protection Requests - To Delete or to Address?

IRonMAN: InterpRetable Incident Inspector Based ON Large-Scale Language Model and Association miNing

Kill Latest MPU-based Protections in Just One Shot: Targeting All Commodity RTOSes