Chunky Cookies - Smashing Application Aware Defenses

Explore a comprehensive conference talk from BSides Nashville 2017 that delves into the intricacies of application-aware defenses and innovative techniques to bypass them. Learn about the assumed breach mentality, the vulnerabilities in current security measures, and the power of data chunking. Discover how to leverage HTTP encoding, DNS requests, and reassembly keys to circumvent advanced security systems. Gain insights into FireWay, a tool designed to test and exploit these weaknesses. Examine real-world examples, including a reverse BitTorrent approach, and understand the implications for modern cybersecurity practices. Engage with thought-provoking discussion questions that challenge conventional security paradigms and encourage innovative thinking in the field of information security.

Intro
Welcome
About me
Agenda
Why BSides
Assumed breach mentality
Application Awareness
Processing Power
Why are these things broken
Firewall lets traffic out
DLP
URL Filtering
Anomaly Detection
Static Patterns
Data chunking
A funny story
Encryption arouses suspicion
FireWay
Test Data Mode
Server Mode
Client Mode
sanitized logs
Layer 7 rule
Firewall is already past data
So thats pretty cool right
But lets do something
Reassembly
Servers Ready
Example
Output
Spacing
Reverse BitTorrent
Generate Sequence Key
Random Characters
Sequence Key
Reassemble
Small Pieces
Layer 7 Devices
HTTP
Why HTTP
Why Encoding
HTTP Headers
DNS Requests
Wireshark
Reassembly Keys
Inbound
Discussion Questions