Artwork

Το περιεχόμενο παρέχεται από το Black Hat and Jeff Moss. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Black Hat and Jeff Moss ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.
Player FM - Εφαρμογή podcast
Πηγαίνετε εκτός σύνδεσης με την εφαρμογή Player FM !

Michael Sutton and Adam Greene: The Art of File Format Fuzzing (English)

49:04
 
Μοίρασέ το
 

Manage episode 153983881 series 1109073
Το περιεχόμενο παρέχεται από το Black Hat and Jeff Moss. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Black Hat and Jeff Moss ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.
"In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet. As with most vulnerabilities, discovering file format attacks tends to be more art than science. We will present various techniques that utilize file format fuzzing that range from pure brute force fuzzing to intelligent fuzzing that requires an understanding of the targeted file formats. We will present a methodology for approaching this type of research and address issues such as automating the process. Techniques will be discussed to address challenges such as attacking proprietary file formats, overcoming exception handling and reducing false positives. The presentation will include demonstrations of fuzzing tools designed for both the *nix and Windows platforms that will be released at the conference and the disclosure of vulnerabilities discovered during the course of our research. Michael Sutton is a Director for iDEFENSE/VeriSign, a security intelligence company located in Reston, VA. He heads iDEFENSE/VeriSign and the Vulnerability Aggregation Team (VAT). iDEFENSE Labs is the research and development arm of the company, which is responsible for discovering original security vulnerabilities in hardware and software implementations, while VAT focuses on researching publicly known vulnerabilities. His other responsibilities include developing tools and methodologies to further vulnerability research, and managing the iDEFENSE Vulnerability Contributor Program (VCP). Prior to joining iDEFENSE/VeriSign, Michael established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. He is a frequent presenter at information security conferences. Michael obtained his Certified Information Systems Auditor (CISA) designation in 1998 and is a member of Information Systems Audit and Control Association (ISACA). He has completed a Master of Science in Information Systems Technology degree at George Washington University, has a Bachelor of Commerce degree from the University of Alberta and is a Chartered Accountant. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department. Adam Greene is a Security Engineer for iDEFENSE/VeriSign, a security intelligence company located in Reston, VA. His responsibilities at iDEFENSE/VeriSign include researching original vulnerabilities and developing exploit code as well as verifying and analyzing submissions to the iDEFENSE Vulnerability Contributor Program. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX based system auditing and exploit development. In his time away from computers he has been known to enjoy tea and foosball with strange old women."
  continue reading

14 επεισόδια

Artwork
iconΜοίρασέ το
 
Manage episode 153983881 series 1109073
Το περιεχόμενο παρέχεται από το Black Hat and Jeff Moss. Όλο το περιεχόμενο podcast, συμπεριλαμβανομένων των επεισοδίων, των γραφικών και των περιγραφών podcast, μεταφορτώνεται και παρέχεται απευθείας από τον Black Hat and Jeff Moss ή τον συνεργάτη της πλατφόρμας podcast. Εάν πιστεύετε ότι κάποιος χρησιμοποιεί το έργο σας που προστατεύεται από πνευματικά δικαιώματα χωρίς την άδειά σας, μπορείτε να ακολουθήσετε τη διαδικασία που περιγράφεται εδώ https://el.player.fm/legal.
"In September 2004, much hype was made of a buffer overflow vulnerability that existed in the Microsoft engine responsible for processing JPEG files. While the resulting vulnerability itself was nothing new, the fact that a vulnerability could be caused by a non-executable file commonly traversing public and private networks was reason for concern. File format vulnerabilities are emerging as more and more frequent attack vector. These attacks take advantage of the fact that an exploit can be carried within non-executable files that were previously considered to be innocuous. As a result, firewalls and border routers rarely prevent the files from entering a network when included as email attachments or downloaded from the Internet. As with most vulnerabilities, discovering file format attacks tends to be more art than science. We will present various techniques that utilize file format fuzzing that range from pure brute force fuzzing to intelligent fuzzing that requires an understanding of the targeted file formats. We will present a methodology for approaching this type of research and address issues such as automating the process. Techniques will be discussed to address challenges such as attacking proprietary file formats, overcoming exception handling and reducing false positives. The presentation will include demonstrations of fuzzing tools designed for both the *nix and Windows platforms that will be released at the conference and the disclosure of vulnerabilities discovered during the course of our research. Michael Sutton is a Director for iDEFENSE/VeriSign, a security intelligence company located in Reston, VA. He heads iDEFENSE/VeriSign and the Vulnerability Aggregation Team (VAT). iDEFENSE Labs is the research and development arm of the company, which is responsible for discovering original security vulnerabilities in hardware and software implementations, while VAT focuses on researching publicly known vulnerabilities. His other responsibilities include developing tools and methodologies to further vulnerability research, and managing the iDEFENSE Vulnerability Contributor Program (VCP). Prior to joining iDEFENSE/VeriSign, Michael established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. He is a frequent presenter at information security conferences. Michael obtained his Certified Information Systems Auditor (CISA) designation in 1998 and is a member of Information Systems Audit and Control Association (ISACA). He has completed a Master of Science in Information Systems Technology degree at George Washington University, has a Bachelor of Commerce degree from the University of Alberta and is a Chartered Accountant. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department. Adam Greene is a Security Engineer for iDEFENSE/VeriSign, a security intelligence company located in Reston, VA. His responsibilities at iDEFENSE/VeriSign include researching original vulnerabilities and developing exploit code as well as verifying and analyzing submissions to the iDEFENSE Vulnerability Contributor Program. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX based system auditing and exploit development. In his time away from computers he has been known to enjoy tea and foosball with strange old women."
  continue reading

14 επεισόδια

Όλα τα επεισόδια

×
 
Loading …

Καλώς ήλθατε στο Player FM!

Το FM Player σαρώνει τον ιστό για podcasts υψηλής ποιότητας για να απολαύσετε αυτή τη στιγμή. Είναι η καλύτερη εφαρμογή podcast και λειτουργεί σε Android, iPhone και στον ιστό. Εγγραφή για συγχρονισμό συνδρομών σε όλες τις συσκευές.

 

Οδηγός γρήγορης αναφοράς