Breaking Binary Protocols and Bad Crypto

Explore the process of reverse-engineering and exploiting network devices in this 44-minute Security BSides London talk. Delve into Graham Sutherland's journey from having little knowledge of a widely deployed system to developing powerful exploits. Learn techniques for analyzing and attacking binary protocols, including a method for classifying and identifying unknown cryptography. Gain insights into the initial approach, reverse engineering process, and crypto classification. Discover how to analyze traffic, payloads, and packet structures. Understand the importance of differential cryptanalysis and packet encryption. Follow along as Sutherland shares his experiences with SSL, Diffie-Hellman, and HTTP encryption. Perfect for security professionals and enthusiasts looking to enhance their skills in breaking binary protocols and bad crypto.

Introduction
Background Information
First Light
History
Initial approach
DB9 connector
TCP ports
Console management
Reverse engineering
Validation
SSL
Diffie
Tiffany Hellman
Lunge
My favorite gift
Im lazy
Analyzing the traffic
Analyzing the payload
Crypto classification
Differential cryptanalysis
Packet structure
Packet encryption
HTTP encryption
Session IDs
Any questions