Advanced Security Evaluation of Network Protocols


I’m back from London where I gave a talk about security evaluation of proprietary network protocols. I had a great time at InfoSecurity Intelligent Defence and BSides London, many thanks for inviting me and giving me the opportunity to speak to so much nice people.

Find the abstract and the download link to the slides after the break.

Even in the time of Cloud-based security tools, behavior- and machine learning-based APT detection and colorful security appliances, a lot of vulnerabilities are still buried deep within the protocol layers. For security researchers it is quite a challenge to find those in well documented protocols (take SSL for an example), and when it comes to proprietary protocols, the bar is raised even (significantly) higher. This keynote will show that there is still an urgent need for security evaluation on (undocumented) network protocols, discuss war stories on protocol fails, and also give an introduction into the methodology of protocol reversing and how those protocol fails could have been avoided.

Find the Slides here.