Black Hat USA 2010: Exploiting the Forest with Trees 1/5

Uploaded on Sep 20, 2010

Speakers: Meredith L. Patterson, Len Sassaman

One of the most difficult aspects of securing a protocol implementation is simply bounding the scope of the attack surface: how do you tell where attacks are likely to crop up? Historically, variations between implementations have led to some of the most successful attack techniques -- from simple TCP "Christmas tree" packets to last year's multiple break of the X.509 certificate authority system (by these speakers). But without access to all the relevant source code, how can developers identify potential sources of exploitable variations in behavior? In this presentation, we go beyond the accumulated wisdom of "best practices" and demonstrate a quantitative technique for minimizing inconsistent behavior between implementations. We will also show how this technique can be used from an attacker's perspective. Last year we showed you how to break X.509; this year, we will show you how we found those vulnerabilities and how the same techniques can be used to discover multiple novel 0-days in any vulnerable protocol implementation.

For more information click here (http://bit.ly/dwlBpJ)
