


CBC padding oracles are supposed to be “fixed,” but attackers are still using them to break real systems and take over accounts.
In this BSides Vancouver Island talk, security researcher Wade King walks through how classic CBC padding oracle attacks work, then shows new techniques that bypass “hardened” implementations by abusing how applications read and validate decrypted data. You’ll see how subtle crypto mistakes in legacy systems and token-based authentication can quietly turn into full account takeover.
This session is ideal for blue and red teamers, penetration testers, AppSec engineers, and security architects dealing with legacy crypto, custom tokens, or encryption in web apps and APIs.
Key topics include:
If you work on application security, pen testing, or crypto in production systems, this talk will sharpen how you think about “legacy but still deployed” encryption.
This session was recorded live at BSides Vancouver Island 2025 in Victoria, BC at the Victoria Conference Centre.
📣 BSides Vancouver Island 2026 Conference
🎤 Call for Presenters (CFP) — Deadline August 14, 2026
🤝 Sponsorship Opportunities — Deadline August 14, 2026
💬 Join the Community Slack
Subscribe for more cybersecurity talks, AppSec deep dives, and crypto/security content from BSides Vancouver Island.
#CBCCrypto #PaddingOracle #AppSec #PenTesting #BlueTeam #RedTeam #BSidesVI #BSidesVancouverIsland #VictoriaBC #CyberSecurity #InfoSec #SecurityConference #CryptoSecurity