This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 28 • 4:45pm - 6:00pm
Exploiting the Forest with Trees

Sign up or log in to save this to your schedule and see who's attending!

One of the most difficult aspects of securing a protocol implementation is simply bounding the scope of the attack surface: how do you tell where attacks are likely to crop up? Historically, variations between implementations have led to some of the most successful attack techniques -- from simple TCP "Christmas tree" packets to last year's multiple break of the X.509 certificate authority system (by these speakers). But without access to all the relevant source code, how can developers identify potential sources of exploitable variations in behavior? In this presentation, we go beyond the accumulated wisdom of "best practices" and demonstrate a quantitative technique for minimizing inconsistent behavior between implementations. We will also show how this technique can be used from an attacker's perspective. Last year we showed you how to break X.509; this year, we will show you how we found those vulnerabilities and how the same techniques can be used to discover multiple novel 0-days in any vulnerable protocol implementation.

Wednesday July 28, 2010 4:45pm - 6:00pm
Day 1 - Bug Collecting

Attendees (18)

  • Profile image