Stacking the Virtual Deck: Attacks by Predicting RNGs

DerbyCon V - Unity

Presented by: Adam Schwalm
Date: Saturday September 26, 2015
Time: 09:00 - 09:25
Location: Track 5
Track: Stable Talks

Many program written today require the ability to generate pseudo-random values. There are many ways of doing this and most languages and platforms choose unfortunate defaults, allowing attackers to predict the output of these RNGs and launch a variety of practical attacks. I discuss how some of these RNGs work and how they can be exploited. I will also release and discuss a tool for performing RNG prediction.

Adam Schwalm


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats