Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
View analytic
Wednesday, June 3 • 11:45am - 12:30pm
Proprietary network protocols - risky business on the wire.

Sign up or log in to save this to your schedule and see who's attending!

When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.

Speakers
JK

Jakub Kaluzny

Jakub is a Senior IT Security Consultant at SecuRing and performs penetration tests of high-risk applications, systems and devices. He was a speaker at many internetional conferences: OWASP AppSec EU, PHdays, CONFidence, HackInTheBox AMS, BlackHat Asia as well at local security events. Previously working for European Space Agency and internet payments intermediary. Apart from testing applications, he digs into proprietary network protocols... Read More →


Wednesday June 3, 2015 11:45am - 12:30pm
a. Track 1