29C3 - Version 1.9
Referenten | |
---|---|
Carlos Garcia Prado |
Programm | |
---|---|
Tag | Day 2 - 2012-12-28 |
Raum | Saal 6 |
Beginn | 20:30 |
Dauer | 01:00 |
Info | |
ID | 5219 |
Veranstaltungstyp | Vortrag |
Sprache der Veranstaltung | englisch |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
"How I met your pointer"
Hijacking client software for fuzz and profit
An approach to the problem of fuzzing proprietary protocols will be shown, focusing on network protocols and native software. In the course of this talk I will combine several methods in order to force the client software to work as a “double agent” against the server.
An interesting approach to the problem of fuzzing proprietary protocols will be presented. Since the method is applicable to several kinds of software and in order to keep an example in mind through all the talk, I will be focusing on network protocols and native software.
The main idea behind it is very simple: “in a client/server architecture, the client knows how the protocol works.”
In the course of this talk I will need to combine several methodologies in order to "force" the client software to work as a “double agent” against the server. Advanced hooking, dynamic binary instrumentation and differential debugging are among the topics discussed here.
The talk includes a live demo of this method in which a small program implementing a proprietary protocol will be fuzzed (without knowledge of it) and a memory corruption will be found.
Last but not least, the talk is written in a very amusing style with multiple references to "nerd culture" and interacting with the audience to make the (hard) topic as interesting and entertaining as it can be.