In September Juliano Rizzo and Thai Duong unveiled their latest masterpiece: A padding oracle attack on the crypto implementation of the ASP.net framework allowed them to download any file. Their original presentation did not fully unveil how to practically implement the attack. This hands-on presentation is the result of our notes and experience in developing a reliable exploit for the padding oracle attack against ASP.net. It takes you from a simple CAPTCHA crack to a fully optimized padding oracle attack against ASP.net that bypasses all typical workarounds.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.