Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All
This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special-case attack based on POODLE that promises to disclose session IDs in just a fraction of the time it takes to exploit POODLE.
By Craig Young
Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/brie...
Reviewed by Anonymous on June 28, 2019