Luciano Mammino

@loige

I am a software engineer born in 1987, the same year that "Super Mario Bros" was released in Europe, which, by chance, is my favourite game! I started coding early, at the age of 12, hacking away on my father's old i386 armed only with MS-DOS and the QBasic interpreter, and I have been a professional software developer for more than 10 years. I am currently a Solution Architect at Vectra AI in Dublin, where I am working on automating the hunt for cyberattackers and speeding up incident response. I love the fullstack web, Node.js and Serverless, so I co-authored the book "Node.js design patterns" (http://amzn.to/1ZF279B), launched fstack.link (a semi-automated newsletter for Fullstack developers) and Serverlesslab.com (in-house serverless training).

Cracking JWT tokens: a tale of magic, Node.JS and parallel computing

10:10-10:55am

6th Floor CPE & CPW

Learn how you can use some JavaScript/Node.js black magic to crack JWT tokens and impersonate other users or escalate privileges. Just add a pinch of ZeroMQ, a dose of parallel computing, a four-leaf clover, mix everything applying some brute force and you'll get a powerful JWT cracking potion!

JWT tokens are powerful artifacts that magicians from all over the world are using to secure modern apps and APIs. But as with any other magic tool, those powerful tokens need to be used with caution and mastery; otherwise, they might become dangerous, exploitable vulnerabilities.

In this talk, I will demonstrate how evil magicians can cast a JWT brute force spell to take control of poorly constructed JWT tokens. From the books of dark magic, we are going to read rhymes of Node.js, ZeroMQ and parallel computing to make this evil plan happen, and by doing so we are going to make fools of all those noob magicians who don't yet know how to safely use JWT tokens!
