BITCOIN TRANSACTION MALLEABILITY THEORY IN PRACTICE

Black Hat USA 2014

Presented by: Daniel Chechik, Ben Hayak
Date: Thursday August 07, 2014
Time: 10:15 - 11:15
Location: South Seas CD

A mysterious vulnerability from 2011 almost made the Bitcoin network collapse. Silk Road, MTGox, and potentially many more trading websites claim to be prone to "Transaction Malleability." We will shed some light and show in practice how to exploit this vulnerability.

Daniel Chechik

Daniel Chechik is a Senior security researcher at Trustwave's SpiderLabs. Among other things, he specializes in malware analysis, web exploit detection, Trojan and botnet detection, and neutralizing and defining security requirements for the Secure Web Gateway product. Prior to that, Daniel served in a technological unit as a security specialist in the IDF. During the service, Daniel specialized in CheckPoint firewall equipment, antivirus products and other IT security products. Daniel, among other things, has spoken at the RSA, DEF CON, and OWASP conferences, holds CEH and CCSE certificates and has a patent pending for 'Detecting Malware Communication on an Infected Computing Device.'

Ben Hayak

I'm Ben Hayak, a Security Researcher. My main interests are reverse engineering, web application security and client-server security. I have quite a few years of experience with Assembler/Assembly language, debugging, and programming. I have three years of data communications experience with CCNA & CCNP route qualifications. I also have great experience as a security consultant, surveying the penetrability of data systems and providing practical solutions for organizations. Currently, I work as a security researcher in Trustwave SpiderLabs. My expertise includes reviewing, isolating, analyzing, and reverse engineering programs that are vulnerable or malicious code in order to determine and develop protection against the specific nature of the threat. I am also one of the Top 0xA list of security researchers on Google security list.

