[ Hacker Night School ] :: the POODLE attack, featuring TLS Downgrade

This entry is part 31 of 32 in the series [ Hacker Night School ]
The KBID XXX – TLS Downgrade
In almost every course I teach I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server.
This attack is featured on many tests, including the Security+ and the CEH. Formally it’s a “POODLE attack.” (Google that name.) This GitHub page is a gold mine of info about how this all works, and it’s well worth the study of up-and-coming hackers/pen testers/security analysts.
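For the defensive side of fallback, here is an added example (not from this post or the linked GitHub page) that goes a step beyond the text: a server-side check for the RFC 7507 `TLS_FALLBACK_SCSV` signal in a pre-TLS 1.3 ClientHello. The function names, the server's version floor and ceiling, and the sample hellos are assumptions constructed for illustration.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signalling cipher suite value from RFC 7507
ALERT_PROTOCOL_VERSION = 70        # fatal alert: offered version is below our floor
ALERT_INAPPROPRIATE_FALLBACK = 86  # fatal alert defined by RFC 7507

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello in one TLS record."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, 0x0301, len(handshake)) + handshake

def parse_client_hello(record):
    """Return (client_version, [cipher_suite, ...]) or raise ValueError."""
    try:
        ctype, _, rec_len = struct.unpack("!BHH", record[:5])
        frag = record[5:5 + rec_len]
        if ctype != 0x16 or len(frag) != rec_len or frag[0] != 0x01:
            raise ValueError("not a complete ClientHello record")
        hello = frag[4:4 + int.from_bytes(frag[1:4], "big")]
        (version,) = struct.unpack("!H", hello[:2])
        pos = 34                                  # skip client_version + 32-byte random
        pos += 1 + hello[pos]                     # skip session_id
        (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + cs_len]
        if cs_len % 2 or len(raw) != cs_len:
            raise ValueError("truncated cipher suite list")
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ClientHello") from exc
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def server_decision(record, server_min=0x0301, server_max=0x0303):
    """Decide how a server whose highest version is server_max answers this hello."""
    version, suites = parse_client_hello(record)
    if version < server_min:
        return ("alert", ALERT_PROTOCOL_VERSION)       # e.g. SSLv3 (0x0300) is refused outright
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        # The client says it is retrying at a lower version, yet we support a
        # higher one, so the earlier failure was not ours: refuse the downgrade.
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("negotiate", min(version, server_max))
```

A hello at TLS 1.0 without the SCSV still negotiates, because the server cannot tell a legacy client from a forced downgrade; raising `server_min` is what removes the old versions entirely.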
