Tech

Sharingan – A Ninja art to Copy, Analyze and Counter Attack


Expo Theatre (Hall G) October 19, 2010


Mrityunjay Gautam

Many products in the industry have or use some kind of proprietary network protocol. Most of these protocols have no packet-level documentation, either with the development team or with the architect. In some instances, the security assessment team or auditor might be dealing with a network protocol that a third party wrote and the organization has deployed on its intranet. When a security auditor or group has to assess the security robustness of these protocols, they can either fuzz blindly or capture the communication over the wire and manually analyze it to find patterns in the various packets. The first approach is not very effective for most protocols, and the second takes extensive time. The question is: how do you deal with a multitude of such protocols, built into the various products your company develops or deploys (third-party products)?

This session presents the implementation-level design and a demonstration of a tool that addresses this problem and automates the entire process. The tool sniffs packets from the wire, analyzes them using artificial intelligence algorithms and heuristics to find the structure of the packet, and generates custom intelligent fuzzers from the derived structural information specific to the protocol. The only manual step is to point the fuzzer at the targeted protocol and get information on its security robustness status. The session demonstrates an idea which is currently (in the demo) applied to network protocols only, but it can also be used on file formats for automated file fuzzer generation. The idea is that with this tool in place, the overall security posture of the organization would improve significantly, and the products shipped by the company would be better in network-level security robustness.