Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

This session will highlight research into more effective testing and exploitation techniques for CBC padding oracles. We'll uncover how a slight tweak to POODLE resurrected the vulnerability in a major enterprise HTTPS implementation more than three years after it had been patched. The presentation will also introduce GOLDENDOODLE, a special case attack based on POODLE with the promise to disclose session IDs in just a fraction of the time it takes to exploit POODLE.

By Craig Young

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-19/briefings/schedule/#zombie-poodle-goldendoodle-and-how-tlsv-can-save-us-all-13741