SkillsCast

Cracking JWT Tokens: A Tale of Magic, Node.JS And Parallel Computing

11th July 2018 in London at Business Design Centre

There are 69 other SkillsCasts available from FullStack London 2018 - The Conference on JavaScript, Node & Internet of Things


Learn how you can use some JavaScript/Node.js black magic to crack JWT tokens and impersonate other users or escalate privileges. Just add a pinch of ZeroMQ, a dose of parallel computing and a four-leaf clover, mix everything together with some brute force, and you'll get a powerful JWT cracking potion! JWT tokens are powerful artifacts that magicians from all over the world are using to secure modern apps and APIs. But like any other magic tool, those powerful tokens need to be used with caution and mastery; otherwise, they might become dangerous exploitable vulnerabilities.

In this talk, Luciano will demonstrate how evil magicians can cast a JWT brute force spell to take control of poorly constructed JWT tokens. From the books of dark magic, you are going to read rhymes of Node.js, ZeroMQ and parallel computing to make this evil plan happen, and by doing so you are going to make fools of all those noob magicians who don't yet know how to safely use JWT tokens!

About the Speaker

Luciano Mammino

Luciano is a software engineer born in 1987, the same year that “Super Mario Bros” was released in Europe, which, by chance, is his favourite game! Luciano started coding early, at the age of 12, hacking away with his father's old i386 armed only with MS-DOS and the QBasic interpreter, and he has been a professional software developer for more than 10 years. Luciano is currently a Solution Architect at Vectra AI in Dublin, where he's working on automating the hunt for cyberattackers and speeding up incident response.
