Fuzzing proprietary protocols not that hard #sectorca
From the 'Fuzzing Fun' files:
TORONTO. I'm a fan of fuzzing, which is basically a way to throw garbage input at an application to see if it will break.
At the SecTOR security conference currently underway in Toronto, Dr. Thomas Proll of Siemens explained how he goes about fuzzing proprietary protocols.
Proll explained that in his job as a penetration tester he has to fuzz proprietary protocol frequently and he usually doesn't have enough to reverse engineer protocols either. The types of tech that he is testing is often infrastructure like electricity, oil & gas and transportation system.
"Fuzzing is breaking the communication protocol," Proll said. "Unfortunately I can't show you how to break a power plant."