1. Intro
2. Traditional network threat model
3. Our focus: Inter-process communication (IPC)
4. Man-in-the-Machine (MitMa)
5. What makes IPC vulnerable
6. Network socket on localhost
7. Network socket: Client impersonation
8. Network socket: Server impersonation
9. Network socket: Man-in-the-middle
10. Windows named pipe: Access control
11. Windows named pipe: Client impersonation
12. Windows named pipe: Server impersonation
13. Windows named pipe: Man-in-the-Middle
14. USB HID devices
15. Standalone password managers
16. Client impersonation on RoboForm
17. 1Password - Key derivation protocol
18. Server impersonation on 1Password
19. Password managers with Native messaging
20. Man-in-the-Middle on Password Boss (2)
21. FIDO U2F security key
22. Unauthorized access of FIDO U2F key
23. Mitigation
24. Conclusion
Description:
Explore the vulnerabilities of Inter-Process Communication (IPC) in this conference talk from Hack.lu 2018. Delve into the concept of Man-in-the-Machine (MitM) attacks and examine various IPC mechanisms, including network sockets on localhost and Windows named pipes. Investigate potential security risks in standalone password managers, analyzing specific cases like RoboForm and 1Password. Learn about client and server impersonation techniques, as well as Man-in-the-Middle attacks on Password Boss. Discover the security implications for FIDO U2F keys and unauthorized access. Gain insights into mitigation strategies to address these vulnerabilities and enhance IPC security.

IPC - The Broken Dream of Inherent Security

Cooper