Build GenAI Apps from Scratch — UCSB PaCE Certificate Program
The Most Addictive Python and SQL Courses
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore the world of bit-flipping attacks in this 55-minute security talk from NDC Security in Oslo, Norway. Learn how changing a single bit in a domain name (like turning "google.com" into "coogle.com") can be exploited for credential harvesting. Security researchers Stök and Joohoi share their findings after registering numerous bit-flipped versions of popular cloud/SaaS provider domains and collecting incoming traffic for two years. Discover the surprising results: legitimate credentials, OAuth refresh tokens, JWT tokens, cookies, emails, and meeting invites with passwords. The presentation introduces "Certainly," an offensive/defensive tool that uses Wildcard DNS matching and on-the-fly SSL certificate generation to inject custom payloads across various protocols, demonstrating techniques to downgrade security, harvest credentials, capture emails, and replace dependencies. This talk builds upon bit-flip research from the past decade while showcasing practical applications and potential security implications.
Syllabus
Flipping Bits: Your Credentials Are Certainly Mine - Stök & Joohoi - NDC Security 2025
Taught by
NDC Conferences