Tuesday, August 09, 2016

Time is on your Side talk and links

Links from the talk:

1 comment:

ChrisAD said...

Very cool. I keep seeing this consistently in web solutions as well. I am working on a pentest right now where legit usernames consistently produce a 1 second extra long delay, while non-legit usernames are 1 second quicker. Very easy to probe for this using Burp Suite Intruder. I'll single thread an attack with possible usernames, run it through, then right click the outliers and request the items again.
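Added example (not from the post or the commenter): one common cause of the username-dependent delay described in the comment above, next to a login check that does the same work for every attempt. It assumes the delay comes from a slow password hash that runs only when the account exists; `USERS`, `DUMMY`, `login_leaky`, `login_uniform` and `kdf_cost` are hypothetical names, and the user store is constructed sample data.

```python
import hashlib
import hmac
import os

KDF_CALLS = 0  # instrumentation for the example: counts expensive hash runs


def _kdf(password: str, salt: bytes) -> bytes:
    """Deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    global KDF_CALLS
    KDF_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _record(password: str) -> tuple[bytes, bytes]:
    """Build a (salt, hash) record for the constructed user store."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


# Constructed sample user store: username -> (salt, hash)
USERS = {"alice": _record("correct horse battery staple")}

# Record for a random throwaway password, used when the username is unknown
DUMMY = _record(os.urandom(16).hex())


def login_leaky(username: str, password: str) -> bool:
    """Returns early for unknown users, so only valid names pay for the KDF."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(_kdf(password, salt), stored)


def login_uniform(username: str, password: str) -> bool:
    """Runs the KDF exactly once per attempt whether or not the user exists."""
    rec = USERS.get(username)
    salt, stored = rec if rec is not None else DUMMY
    ok = hmac.compare_digest(_kdf(password, salt), stored)
    return ok and rec is not None


def kdf_cost(login, username: str, password: str) -> int:
    """Number of expensive hash runs one login attempt triggers."""
    before = KDF_CALLS
    login(username, password)
    return KDF_CALLS - before
```

Counting hash invocations instead of wall-clock time keeps the comparison deterministic; on a real service the same difference appears as response latency.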