![DEF CON 23 [Audio] Speeches from the Hacker Convention artwork](https://is5-ssl.mzstatic.com/image/thumb/Podcasts123/v4/c3/f8/7e/c3f87e44-fc95-645c-620b-3c8e5117429e/mza_5097239825481086059.jpg/100x100bb.jpg)
Eric (XlogicX) Davisson - REvisiting RE:DoS
DEF CON 23 [Audio] Speeches from the Hacker Convention
English - October 09, 2015 23:37 - 40.8 MB - ★★★ - 4 ratingsTechnology Education How To def con defcon hacking hacker conference computer security security research defcon 23 def con 23 dc-23 dc23 Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Eric-XlogicX-Davisson-ReDoS.pdf
REvisiting RE:DoS
Eric (XlogicX) Davisson Not a security researcher
Regular Expression Denial of Service has existed for well over a decade, but has not received the love it deserves lately. There are some proof of concept attacks out there currently, most of which are ineffective due to implementation optimizations. Regardless of the effectiveness most of these PoC's are geared only to NFA engines.
This talk will demonstrate working PoC's that bypass optimizations. Both NFA and DFA engines will get love. Tools will be released (with demonstration) that benchmark NFA/DFA engines and automate creation of 'evil strings' given an arbitrary regular expression. Attendees can expect a review of regex and a deep under the hood explanation of both regex engines before abuses ensue.
^ Not a security researcher