@BlackHatOfficialYT
Black Hat | Three New Attacks Against JSON Web Tokens @BlackHatOfficialYT | Uploaded 9 months ago | Updated 9 hours ago
JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of unnecessary complexity. These have arguably led to severe vulnerabilities such as the well-known "alg":"none" attack....

By: Tom Tervoort

Full Abstract and Presentation Materials: blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695