Rafael Felix
Rafael has worked in malware development for 4 years and has been involved in the malware community for more than 6 years. He is also experienced in incident response, specifically in analyzing the inner workings of malware. Currently, Rafael is a researcher for Hakai Offensive Security and an Offensive Security Lead, deeply involved in red-team operations.
Session
Modern browsers implement sophisticated encryption to protect session cookies from theft, yet these security measures continue to evolve in response to emerging threats. This session reveals the inner workings of Chrome's recently implemented App-Bound encryption, which employs a two-tier protection system: DPAPI encryption with dual permission levels and the ChaCha20-Poly1305 algorithm with custom keys.
Despite these advancements, vulnerabilities persist. Through practical demonstrations, we'll examine how determined attackers can extract decrypted cookies by exploiting weaknesses in the current implementation. The session provides a comprehensive analysis of cookie format specifications and encryption methodologies across major browser engines, including Gecko's ASN.1-structured encryption, macOS Chromium's PBKDF2 implementation, and WebKit's binary cookie storage.
Looking forward, we'll explore Chrome's upcoming "Device Bound Session Cookies" (DBSC) technology, which aims to revolutionize cookie protection through TPM chip-based encryption and cryptographic key verification. Attendees will gain actionable insights into current browser security architectures, practical extraction techniques, and defensive strategies to mitigate cookie theft. This technical deep-dive equips security professionals with the knowledge needed to better understand and address this persistent threat vector in modern web applications.