protocol fuzzing past, present, future

Similar documents
protocol fuzzing past, present, future

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities. A.K.A Fuzzing 101

Peach Fuzzer Platform

*[Bug hunting ] Jose Miguel Esparza 7th November 2007 Pamplona S21sec

Testing for Security

Penetration Testing with Kali Linux

The Advantages of Block-Based Protocol Analysis for Security Testing

DISCOVERY OF WEB-APPLICATION VULNERABILITIES USING FUZZING TECHNIQUES

A Link Layer Discovery Protocol Fuzzer

PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES

Vulnerability Assessment and Penetration Testing

ensuring security the way how we do it

Sergey Bratus Trust Lab, Dartmouth College

Attack and Defense Techniques

Will Dormann: Sure. Fuzz testing is a way of testing an application in a way that you want to actually break the program.

SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith

Learn Ethical Hacking, Become a Pentester

ACHILLES CERTIFICATION. SIS Module SLS 1508

June 2014 WMLUG Meeting Kali Linux

Application Denial of Service Is it Really That Easy?

How To Understand A Network Attack

Application Intrusion Detection

The Sulley Framework: Basics By loneferret

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

How I Learned to Stop Fuzzing and Find More Bugs

Bug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit

Stateful Firewalls. Hank and Foo

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

CS5008: Internet Computing

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

Debugging With Netalyzr

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

How to make free phone calls and influence people by the grugq

The Hacker Strategy. Dave Aitel Security Research

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

Performance Testing Web 2.0

Fuzzing in Microsoft and FuzzGuru framework

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Attacking the Traveling Salesman Point-of-sale attacks on airline travelers DEFCON 2014

The VoIP Vulnerability Scanner

Fuzzing an ios Application

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

How I DOS ed My Bank. (DTMF Input Processing Easy DOS Attacks via Phone Lines)

ASL IT SECURITY XTREME XPLOIT DEVELOPMENT

Sample Report. Security Test Plan. Prepared by Security Innovation

Security of IPv6 and DNSSEC for penetration testers

Review and Exploit Neglected Attack Surface in ios 8. Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU

Defense in Depth: Protecting Against Zero-Day Attacks

Web Applications Security: SQL Injection Attack

Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology Xiaoqin Song 1

Attacking VoIP Networks

Application Security Testing

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

Evaluation of Penetration Testing Software. Research

Evaluation of Security for a H.323-based VoIP Emulated Architecture

Improving Web Vulnerability Scanning. Daniel Zulla

Guideline for stresstest Page 1 of 6. Stress test

Session 3: Security in a Software Project

Social-Engineering. Hacking a mature security program. Strategic Penetration Testing

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

Attack and Penetration Testing 101

Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda

IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT

Passive Vulnerability Detection

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

Topics in Network Security

Chapter 8 Security Pt 2

CIT 380: Securing Computer Systems

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

VoIP Phreaking Introduction to SIP Hacking. Hendrik Scholz 22C3, Berlin, Germany

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph I MCA

Application Code Development Standards

Malicious Network Traffic Analysis

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

CONTENTS. Foundations. Case Study: The Black Hat Hassle Acknowledgments Introduction

Custom Penetration Testing

Attack Frameworks and Tools

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

How To Protect Your Network From Attack From Outside From Inside And Outside

Firewalls Netasq. Security Management by NETASQ

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Release Notes for Epilog for Windows Release Notes for Epilog for Windows v1.7/v1.8

Deployment of Snort IDS in SIP based VoIP environments

Linux Network Security

Penetration Testing: Lessons from the Field

How to build a security assessment program. Dan Boucaut

Cutting Edge Practices for Secure Software Engineering

Transcription:

protocol fuzzing past, present, future luiz eduardo senior systems & security engineer leduardo (at) musecurity.com Hack in the Box 07 - Kuala Lumpur Mu Security, Inc. All Rights Reserved Copyright 2007

agenda history of fuzzing protocol fuzzing fuzzable or not? non-sense fuzzing session-based fuzzing / stateful-based fuzzing tools techniques challenges getting creative packet fun predictions resources 2 hack in the box 07 - kuala lumpur

fuzzing history born @ university of madison in 1989 by professor barton miller and his crew why? buzz word in the past few years sorta hope to find 0 days not just a http thing file format fuzzing application fuzzing and 3 hack in the box 07 - kuala lumpur

(possible definition)/ terms/ keywords/ etc malformed / semi-malformed/ invalid input random target exception-handling mutations instrumentation art / creativity agents negative-testing changed the mentality of: but.. that packet doesn t follow the rfc spec or hmmmmm but people are not supposed to send these packets 4 hack in the box 07 - kuala lumpur

(con)fuzzable or not? 5 hack in the box 07 - kuala lumpur

mainstreaming fuzzing numerous bugs found in the past few years some of them make the news others probably not growth in the number of specific tools 6 hack in the box 07 - kuala lumpur

corporate fuzzing again, nothing new. but if you don t fuzz, someone else will fuzzing became a common practice (regardless if it s done correctly or not) delivering products / services with basic testing is no longer acceptable 7 hack in the box 07 - kuala lumpur

so protocol fuzzing protocol abuse test robustness of the target from instability to crashes (or to remote code execution) if it s already hard for one to follow the rfc spec, how about the anything but? 8 hack in the box 07 - kuala lumpur

ohhh fuzzers are not va scanners! 9 hack in the box 07 - kuala lumpur

what to break in a protocol? structure state semantics Buffer Overflow Integer Overflow Invalid Message Format String Fragmented Field Invalid Header Null Character Wrong Encoding Invalid Index Invalid String Recursion Truncated Underflow Missing Field Mixed Case Out of Order Self-Reference Too Many Fields Invalid Offset 10 hack in the box 07 - kuala lumpur

what protocols to fuzz? all of them, of course but what s the buzz? what s new? what s not mature? sip scada ipv6 wireless bluetooth videogames 11 hack in the box 07 - kuala lumpur

non-sense fuzzing 12 hack in the box 07 - kuala lumpur

session-based fuzzing first you establish a channel with the target and then start fuzzing at that level 13 hack in the box 07 - kuala lumpur

stateful-based fuzzing one step above establishing a session on-the-fly fuzzing (possible) better fault isolation 14 hack in the box 07 - kuala lumpur

techniques random database (mix?) 15 hack in the box 07 - kuala lumpur

some of the challenges fault isolation the bug behind the bug slow protocol implementations monitor the target (memory leaks/ cpu spikes/ some type of redundancy) 16 hack in the box 07 - kuala lumpur

tools human spike / written in c/ block-based approach protos / java / different fuzzers peach / python / written while drinking beer at ph-neutral antiparser / python/ fuzzer and fault injection tool dfuz / c sulley/ parallel fuzzing capabilities /legos 17 hack in the box 07 - kuala lumpur

commercial bestorm codenomicom hydra mu security thread-x 18 hack in the box 07 - kuala lumpur

getting creative use different fuzzing tools use the same fuzzing tool (parallel fuzzing) use a framework to integrate other stuff (traffic gen, nmap, exploitation tools, etc) to integrate agents for monitoring well use any tools available 19 hack in the box 07 - kuala lumpur

packets 20 hack in the box 07 - kuala lumpur

packets (cont) 21 hack in the box 07 - kuala lumpur

packets (again) 22 hack in the box 07 - kuala lumpur

packets (cont) 23 hack in the box 07 - kuala lumpur

packets (last one) 24 hack in the box 07 - kuala lumpur

(con)fuzzing state of the security community bad security in depth implementations (dos?) again. lots of security is based on known attacks critical infrastructure (?) roi fuzzing is just one of the tools, but certainly has helped changing the way people think 25 hack in the box 07 - kuala lumpur

predictions / crazy thoughts most people already got fuzzing more intelligence has to be incoporated to protocol fuzzing protocol/ application adaptation offline protocol fuzzing/ protocol correlation redundant system testing fuzzing through tunnels proxy-fuzzing (not a-la spike proxy) fuzz through/ on/ with non-standard media types (traffic shapers, etc) creativity is key : use the brain, for anything better integration with other tools anything is fuzzable 26 hack in the box 07 - kuala lumpur

resources fuzzing mailing list by gadi evron http://www.whitestar.linuxbox.org/mailman/listinfo/fuzzing book: fuzzing: brute force vulnerability discovery: pedram et al http://fuzzing.org http://labs.musecurity.com http://www.hacksafe.com.au/blog/2006/08/21/fuzz-testing-tools-and-techniques/ http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.pd f 27 hack in the box 07 - kuala lumpur

questions? leduardo (at) musecurity.com 28 hack in the box 07 - kuala lumpur

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information