Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 
View analytic
Tuesday, August 5 • 15:00 - 16:00
Untwisting the Mersenne Twister: How I killed the PRNG

Sign up or log in to save this to your schedule and see who's attending!

"Applications rely on generating random numbers to provide security, and fail catastrophically when these numbers turn out to be not so “random.” For penetration testers, however, the ability to exploit these systems has always been just out of reach. To solve this problem, we've created “untwister:” an attack tool for breaking insecure random number generators and recovering the initial seed. We did all the hard math, so you don't have to!

Random numbers are often used in security contexts for generating unique IDs, new passwords for resets, or cryptographic nonces. However, the built-in random number generators for most languages and frameworks are insecure, leaving applications open to a series of previously theoretical attacks.

Lots of papers have been written on PRNG security, but there's still almost nothing practical you can use as a pentester to actually break live systems in the wild. This talk focuses on weaponizing what used to be theoretical into our tool: untwister.

Let's finally put rand() to rest."

Speakers
DA

Dan 'AltF4' Petro

Dan Petro is a Senior Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on application penetration testing and secure development. | | Dan has presented at numerous conferences, including DEFCON, HOPE, and BSides, and is the founding member of the Pi Backwards CTF team... Read More →


Tuesday August 5, 2014 15:00 - 16:00
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

Attendees (14)