Marluan Cleary (Izzny)
Marluan Cleary is a Penetration Tester and cybersecurity student passionate about breaking, building, and securing systems. She researches and documents real-world vulnerabilities through technical blogs at Hexxed BitHeadz, offering hands-on insights into tools, techniques, and emerging threats. Focused on cryptography, exploit development, and offensive security,
Session
Every day, billions of messages are signed with HMACs. We assume using HMAC is the way to gatekeep integrity and authenticity. But what happens when this cryptographic seal is misunderstood, misused, or just plain broken?
This talk will show you how HMAC is not just a cryptographic construction, but a misunderstood superhero in the authentication world. Join me in the unraveling where HMAC went wrong and where it got it right, through code demos, vulnerability breakdowns, and examples using Python and open-source tools, we’ll showcase how even mature systems could fall victim to these quiet flaws and how to spot them before attackers do.