Learn cryptography, or at least why you should stay away from it, the fun way! By breaking some yourself, live. After doing hash extension and CBC padding oracles the past years, today we'll implement one of the evergreens of crypto attacks: the Bleichenbacher '06 e=3 RSA signature forgery.
Bleichenbacher '06 is a common attack against RSA that allows an attacker to fake a signature. It broke Firefox, then GnuTLS, then again Firefox (BERserk), then python-rsa... And who knows next. You'll learn how it works, how to mount it, and then attack real world implementations with your own code. The session is 100% hands-on, with very little material (basically just docs, a target server implementation, and some client boilerplate). I'll explain the crypto and attack basics and then proceed to code the exploit live, along with the audience, stopping often to analyze and compare outputs and milestones. No slides, just cold hard code and data produced along the way. No cryptography experience needed at all. Bring your laptop and Python chops.
Filippo Valsorda (@FiloSottile) is a systems and cryptography engineer at CloudFlare, where he kicked DNSSEC until it became something deployable. Nevertheless, he's probably best known for making popular online vulnerability tests, including the original Heartbleed test. He’s really supposed to implement cryptosystems, not break them, but you know how it is. @FiloSottile