Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
Back To Schedule
Wednesday, June 3 • 11:45am - 12:30pm
Proprietary network protocols - risky business on the wire.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

When speed and latency counts, there is no place for standard HTTP/SSL stack and a wise head comes up with a proprietary network protocol. How to deal with embedded software or thick clients using protocols with no documentation at all? Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. However, when you dive inside this traffic and reverse-engineer the communication inside, you are there. Welcome to the world full of own cryptography, revertible hash algorithms and no access control at all.
We would like to present our approach and a short guideline how to reverse engineer proprietary protocols. To demonstrate, we will show you few case-studies, which in our opinion are a quintessence of ""security by obscurity"" - the most interesting examples from real-life financial industry software, which is a particularly risky business regarding security.


Jakub Kaluzny

Jakub is a Senior IT Security Consultant at SecuRing and performs penetration tests of high-risk applications, systems and devices. He was a speaker at many internetional conferences: OWASP AppSec EU, PHdays, CONFidence, HackInTheBox AMS, BlackHat Asia as well at local security events... Read More →

Wednesday June 3, 2015 11:45am - 12:30pm
a. Track 1