Listen to the Whispers: Web Timing Attacks that Actually Work
James Kettle
DEF CON 32 Main Stage · Day 1 · Main Stage
In this compelling DEF CON 32 talk, "Listen to the Whispers: Web Timing Attacks that Actually Work," renowned security researcher James Kettle tackles the notoriously elusive world of **web timing attacks**. Often relegated to theoretical discussions or highly controlled lab environments, timing attacks have long frustrated practitioners due to the overwhelming "noise" of real-world network conditions. Kettle's research, born from a decade of avoiding this "research trap," reveals how modern web protocols, particularly **HTTP/2**, have fundamentally shifted the landscape, making these attacks not only viable but broadly applicable against live systems.
AI review
James Kettle's research fundamentally redefines the viability of web timing attacks, pushing them from theoretical curiosities to practical, real-world exploits. By meticulously addressing network and internal jitter through refined HTTP/2 techniques, he demonstrates how to achieve microsecond precision on live systems. This talk is a critical advancement, providing novel techniques and open-source tooling that will undoubtedly open a new frontier for vulnerability research and force defenders to reassess their threat models.