I now officially have a practical case where a DROP firewall rule helped me achieve my goal, and a REJECT rule instead would have prevented the attack from working. Funny )

After doing various tests I'm now reasonably sure that current experimental TLS1.3 implementation in Schannel lacks support for any kind of session resumption.If TLS1.3 is enabled, the client doesn't even advertise session_ticket support in ClientHello.

Part 2 of my schannel research is out: b.poc.fun/decrypting-sch…. It is much shorter and focuses mainly on session resumption. As always, feedback is very welcome, especially RE TLS1.3 resumption in schannel.

Thanks to Hackerdom and all participating teams for #ructf! It has been fun, as always.

Thanks Hackerdom, HITBSecConf , DisruptAD, Crowdfense, and all competitors for another great AD CTF!

Thing I learned today: Decrypting arbitrary TLS sessions on Windows (for code utilizing schannel): b.poc.fun/decrypting-sch… Great explanation, and very easy to use code, by George Noseevich

Hey H2HC, on your CFP page you have 2 deadlines - Oct 1 for proposals and Oct 17 for slides. Does that mean that you expect both proposals and slides before you make the decision about acceptance? Or only those who've received an acceptance note need to submit slides?