2026-09-25 –, Main Track
Cryptographic padding oracle vulnerabilities are far from new. If you can throw crafted ciphertext at a Cipher Block Chaining (CBC) decryption endpoint, and it is kind enough to tell you whether it was a padding error or something else that caused it to blow up, you can use some crafty block algebra to turn it into a byte-by-byte decryption/encryption machine.
It may be tempting to fix a padding oracle vulnerability by normalising the error messages. Instead of saying, "Oops, there was a padding error!" simply say "Oops, there was an error." Better yet, just return a generic HTTP 500 response.
The problem is that error messages are only a symptom of padding oracles, they are not the root cause. Any kind of divergent code path behaviour can give rise to a subtle sub-millisecond timing difference, which can be just enough to reveal the secrets of a padding oracle.
Justin will walk you through the methodology behind CBC padding oracle exploitation, the curse of WAN jitter that can destroy a fragile timing signal, and the blessing of Timeless Timing Attacks (Van Goethem et al., 2020) which uses HTTP/2 co-scheduling to sniff out even the faintest of timing differentials.
Join us to hear about the full suite of Timeless Timing Attacks tooling we're releasing at BSides Canberra 2026 including Go libraries, statistical engines, and command-line tools. Learn how to exploit time-based padding oracle vulnerabilities, get bamboozled by statistical methodologies you thought you'd never have to hear about again, and wonder whether there are other "obvious" vulnerability fixes that could come undone given careful consideration of time. We can't wait to hear what you come up with!
Justin is a seasoned computer security professional with 14 years of experience across Incident Response and Software Security. As Tanto Security's Director of Research, Justin fosters the curiosity and ingenuity of our consultants, supporting them as they engage in their own research projects.