CLI ambush
2025-10-24, Europe

In this talk, I'll present how I discovered a vulnerability common to various TLS/SSL cryptographic toolkits while considering giving a lightning talk at hack.lu last year ...


We'll see how to craft ASN.1 messages and how it helps highlight issues in some CLI apps (OpenSSL as an example).

I'll then show how this problem extends to other cryptographic toolkits and how one can exploit such issues in order to trap unsuspecting administrators.
We'll walk through the different attack vectors I found.

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and open-source software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. He has also recently contributed to the cleanup and enhancement efforts on ssldump. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.
