Flipping Bits - Credential Harvesting Through Domain Bitflip Attacks

Black Hat via YouTube

Overview

Explore a Black Hat conference talk on bitflip domain attacks and credential harvesting, security research that grew out of an accidental discovery. Learn how changing a single bit in popular domain names can create valid "bitflip" domains, leading to the collection of legitimate credentials, OAuth tokens, JWTs, cookies, and other sensitive information. Discover the capabilities of 'Certainly', an open-source offensive/defensive tool that facilitates long-term passive credential harvesting and payload deployment through bitflip-typosquatting domains. The talk covers intercepting requests, wildcard DNS matching, on-the-fly SSL certificate generation, and how security measures can be downgraded across various protocols. It also examines previously published bitflip research and its impact on modern web technology and cloud infrastructure, and offers insights into both red-team implementation strategies and essential defensive mitigations against non-human generated attacks.

Syllabus

Flipping Bits: Your Credentials Are Certainly Mine

Taught by

Black Hat
