Flipping Bits - Weaponizing Domain Bitflips for Credential Harvesting

Ekoparty Security Conference via YouTube

Overview

Watch a 45-minute conference talk from Ekoparty Security Conference where security researchers STÖK and JOOHOI demonstrate how changing a single bit in domain names (bitflipping) can be exploited to collect credentials and sensitive data. Learn about their two-year experiment registering bitflipped versions of popular cloud/SaaS provider domains, which resulted in collecting legitimate credentials, OAuth refresh tokens, JWT tokens, cookies, emails, and meeting invites with passwords. Explore their new offensive/defensive tool 'Certainly' that uses Wildcard DNS matching and dynamic SSL certificate generation to inject custom payloads across various protocols, with the goal of downgrading security, harvesting credentials, capturing emails and replacing dependencies. Gain insights into how this decade-old bit-flip research has been weaponized into a modern security threat.

Syllabus

Flipping Bits: Your Credentials Are Certainly Mine - STÖK and JOOHOI - Ekoparty 2024

Taught by

Ekoparty Security Conference
