Weaponizing Unicode: Homographs Beyond IDNs

DEF CON 26

Presented by: The Tarquin
Date: Friday August 10, 2018
Time: 15:00 - 15:45
Location: 101 Track

Most people are familiar with homograph attacks due to phishing or other attack campaigns using Internationalized Domain Names with look-alike characters. But homograph attacks exist against a wide variety of systems that have gotten far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that should work against homograph attacks in any context.

The Tarquin

The Tarquin is a security engineer at Amazon.com. His security background is in browser development and application security. His hacking background is mainly in attempting to maximize the absurdity content of systems. He also studied philosophy, specializing in the Phenomenology of Technology, and seeks to understand the ways in which our systems help the human brain lie to itself. His years as a dev have given him a bad habit of needling red teamers. His years in philosophy have given him a bad habit of switching sides in an argument seemingly at random.

