Fingerprinting Web Application Platforms by Variations in PNG Implementations

Video Link: https://www.youtube.com/watch?v=q1KcEMVo4_8



Duration: 18:03


Fingerprinting is an important preliminary step when auditing web applications. But the usual techniques based on the analysis of cookies, headers, and static files are easy to fool. Fingerprinting digital images is a technique commonly used for forensic investigations but rarely for security audits. Moreover, it is mostly based on the analysis of JPEG images only. In this talk we study the implementation differences between a number of PNG decoders/encoders, either built-in or commonly used with the main web application development platforms. As a result, we give a set of tests that can discriminate between various PNG libraries. As a consequence, it is often possible to identify the platform behind a website even when an effort has been made to prevent fingerprinting, as long as said website allows the upload of PNG images.

PRESENTED BY
Dominique Bongard

Black Hat - USA - 2014 Hacking conference