Loading...

DEFCON 20: Fuzzing Online Games

12,255 views

Loading...

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Nov 17, 2012

Speakers: ELIE BURSZTEIN RESEARCHER, GOOGLE
PATRICK SAMY RESEARCH ENGINEER, STANFORD UNIVERSITY

Fuzzing online games to find interesting bugs requires a unique set of novel techniques.

In a nutshell the lack of direct access to the game server and having to deal with clients that are far too complex to be easily emulated force us to rely on injecting fuzzing data into a legitimate connections rather than use the standard replay execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we had to become creative to succeed :)

In this talk, we will discuss and illustrate the novels techniques we had to develop to be able to fuzz online games, including how to successfully inject data into a gaming sessions and how to instrument the game memory to know that our fuzzing was successful. We will also tell you how to find and reverse the interesting part of the protocol, and how to decide when to perform the injection.

Elie Bursztein is a researcher at Google's Mountain View, Calif. headquarters, where he invents ways to fix the Internet's security and privacy problems. Prior to that as a researcher at Stanford University, Elie designed Wikipedia's CAPTCHA and created Talisman, a Chrome browser extension that enhances security. He is also the inventor of the award-winning game hacking tool Kartograph presented at DEF CON 18 and Security and Privacy 2011.
Twitter: @elie
http://elie.im

Patrick Samy is research engineer at Stanford university where he focuses on hardware and system security. He is the lead developer of Kartograph network and scripting engine. He also developed the Kartograph real-time visualization engine.

For more information visit: http://bit.ly/defcon20_information
To download the video visit: http://bit.ly/defcon20_videos
Playlist DEFCON 20: http://bit.ly/defcon20_playlist

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...