BruCON 0x09 has ended
Back To Schedule
Friday, October 6 • 10:30 - 12:30
Defeating Proprietary Protocols the Smart Way FULL

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity full
Adding this to your schedule will put you on the waitlist.

Started six years ago, the project Netzob [www.netzob.org] aims at providing state-of-the-art algorithms for protocol reverse engineering in an open source framework. In this project, we have implemented and extended previous academic works for message format and state machine reversing. We have also designed novel algorithms that properly exploits contextual information to infer the semantic attributes contained in protocols.

The project Netzob does not only focus on protocol reversing, and now addresses many needs related to security (traffic generation of proprietary protocols for the evaluation of security products, ”smart” fuzzing of protocol implementation, automatic generation of protocol parsers, etc.). Netzob is usable through a Python API that allows a semi-automatic approach for reverse engineering. It also deals with several communication vectors (USB, Network, PCAP files, IPC, ...) and can easily be extended thanks to its code architecture.

During this workshop, the following topics will be addressed through practical and realistic exercises:
- Common and advanced protocol reverse engineering techniques. This part will cover techniques such as automatic field identifications, contextual clustering, semantic sequence alignment, field’s dependency identification through correlation means, …
- “Smart” fuzzing of undocumented or proprietary protocols. This part will focus on traffic generation and mutation strategies along with various techniques to produce a fine grained definition domain configuration of each fields and state machine transition to fuzz.
- Vulnerability assessment by means of state machine comparison. This part will focus on the automatic extraction of the state machine of a protocol. Once achieved, attendees will learn how to leverage this technique on multiple implementations of the same protocol to find vulnerabilities.

Friday October 6, 2017 10:30 - 12:30 CEST
04. Orval Novotel