Announcement

Collapse
No announcement yet.

Advanced Custom Network Protocol Fuzzing

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Advanced Custom Network Protocol Fuzzing

    Advanced Custom Network Protocol Fuzzing

    Get hands on experience writing custom network protocol fuzzers. This class will cover the basics of network protocol "smart fuzzing." Exercises will utilize the open source network protocol fuzzing framework, boofuzz. Attendees will gain practice reverse engineering a network protocol, implementing and iterating on a custom fuzzer, and identifying vulnerabilities.

    After the class:
    You will know the basics of fuzzing.
    You will know how to write custom network protocol fuzzers using state of the art open source tools.
    You will have hands on experience with this widely-discussed but still largely mysterious test method.

    Before the class (Prerequisites): You should:
    Be comfortable doing some basic programming in Python.
    Understand basic network protocol concepts (e.g. what is a protocol and what is a network layer).
    Be familiar with WireShark and how to use it.
    Have a laptop with at least 8 GB of RAM.

    What you won't learn:
    Exploit development.
    Python programming. Because you can already do that (see above). ;)

    Fuzzing is a wide and deep field with a wide array of technologies. This class is a beginner-friendly deep dive into one niche of the fuzzing world.
    Joshua is a software engineer specializing in information and network security. He has worked in the critical infrastructure and cloud computing industries with employers heavily invested in software and hardware security. Among his passions are hacking, teaching kids to program, attending orchestral concerts with his wife, and figuring out how he can get paid to do it all... legally.

    Joshua is the maintainer of the boofuzz network protocol fuzzing framework.

    Tim is a software engineer working in information security. He has worked for a startup and data analytics companies. He currently works in critical infrastructure with a focus on security and fuzzing. He cringes at the thought of insecure systems and therefore seeks to improve the security of anyone who will listen. Tim has experience deploying gratuitous amounts of fuzz over the network, and has taught others to do the same.

    Prerequisites for students:
    - Some basic Python programming experience )(some programming ability is REQUIRED).
    - Basic understanding of network protocols.
    - Basic familiarity with Wireshark.
    - Optional: Fuzzing experience.

    Materials or Equipment students will need to bring to participate:
    - Laptop -- strongly recommended: configure for Defcon secure Wi-Fi access beforehand.
    - Software requirements will be emailed to class ahead of time
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    高级自定义网络协议模糊测试

    亲身体验编写自定义网络协议模糊测试。这门课将介绍“智能测试”网络协议的基础知识。联系将利用开源模糊测 试框架boofuzz进行测试。参会者将获得对网络协议进行逆向工程的实践、实现与自定义模糊器迭代,以及 识别漏洞。
    在此之后:
    • 你将了解模糊测试的基础知识;
    • 你将了解如何使用最先进的开源工具编写自定义的网络协议模糊器;
    • 你将亲身体验这种广泛讨论却很神秘的测试方法。
    在此之前,你需要:
    • 习惯用Python写一些基本的程序;
    • 理解网络协议的基本概念(例如什么是协议以及什么是网络层);
    • 熟练使用WireShark并知道如何使用;
    • 携带一台至少8GB内存的笔记本电脑。
    在这里你不会学到:
    • 漏洞开发;
    • Python编程,因为你已经可以做到了。
    模糊测试是一个广泛而深入的领域,并拥有相当大的技术含量。这门课程对初学者很友

    好,是深入了解模糊测试的一个基石。

    Joshua是一名专注于信息和网络安全的软件工程师。他曾在关键基础设施和云计算行业工作,他的雇主在软 件和硬件安全方面投入巨大。他的热情包括黑客攻击,教孩子们编程,和他的妻子一起参加管弦乐音乐会,并弄清 楚他是如何合法得到报酬的呢?。

    Joshua是boofuzz网络协议模糊测试框架的维护者。Tim是一名从事信息安全工作的软件工程师。 他曾在一家初创公司和数据分析公司工作过。他目前在关键基础设施方面工作,专注于安全性和模糊测试。他厌恶 不安全的系统,所以任何对他寻求安全建议他都会愿意帮助的。

    Tim经常在网络上进行无偿的模糊测试,并教会其他人也这样做
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

    Comment

    Working...
    X