Hunting for vulnerabilities in custom protocols can be shrouded in mystery to the novice. While there are many resources on the subject, its hard to find a single source of information that introduces the process from start to finish. This talk aims to introduce the tools and process involved in reversing an unknown protocol, interfacing with it, and ultimately fuzzing it to find vulnerabilities.
The talk will address the questions:
- How does reversing and fuzzing protocols benefit my security program?
- Who should do this kind of work?
- What will I need?
It will also introduce you to netzob, scapy, wireshark dissectors, nmap NSE, and sulley.
Sanders Diaz is a Penetration tester based in the Central Florida region, working as a consultant in the public sector. He currently holds SANS GPEN and GXPN certifications. Along with penetration testing, Sanders nurses a healthy interest in development, reversing, gaming, and cars.