Explore the challenges and risks associated with proprietary network protocols in a 40-minute conference talk from Security BSides London. Dive into the world of embedded software and thick clients using undocumented protocols that bypass standard HTTP/SSL stacks for improved speed and latency. Learn techniques for reverse-engineering binary TCP connections and proprietary communication methods, essential for comprehensive penetration testing of server backends. Discover real-life case studies from the financial industry that exemplify "security by obscurity," showcasing custom cryptography, reversible hash algorithms, and inadequate access controls. Gain valuable insights into the process of dissecting and understanding these obscure protocols, equipping yourself with the knowledge to assess and mitigate potential security vulnerabilities in proprietary network communications.
Overview
Syllabus
Jakub Kaluzny - Proprietary network protocols - risky business on the wire.
Taught by
Security BSides London