How I met your pointer (Hijacking client software for fuzz and profit)

No ratings

Presented at BruCON 2012 by

Carlos Garcia

"Looking for vulnerabilities in closed source software is particularly difficult when the researcher is confronted with proprietary and/or undocumented protocols. Several approaches could be taken to attack this problem like for example, full reverse engineering or dumb fuzzing. Unfortunately, these are either incredibly time/brain consuming or highly inefficient. In this talk another way will be shown, namely, the manipulation of client software using binary instrumentation techniques in order to use them as kind of 'double agents' against the server they are talking to. Some small tools and code examples will be released after the talk for everybody to play with."