Presented at DEF CON 13 (2005)
July 31, 2005, 2 p.m.
Sick of hand-coding each and every exploit? The past few years have seen the rise of some generalized frameworks for the exploitation of vulnerabilities, but none of them are general-purpose enough to accommodate arbitrary hardware and network protocols. By applying programming language theory to the development of new network attacks, we can create next-generation platforms capable of quickly handling arbitrary protocols and hardware, and exponentially reducing threat development time. The advances made in compilers in the past decades allow us to divorce ourselves from the tedious mechanics of custom-crafting network attacks and focus only on what we want the attack to do.
This new platform has serious implications for both good (rapidly adding 0-day exploits to your lab's regression testing with no programming knowledge) and for evil (allowing people with no programming knowledge to wield a database of malevolence). The Linguistic Platform can simultaneously accommodate both the generation of network traffic and the decomposition of packet captures for subsequent modification and playback. Using this system, a user can capture a malicious traffic stream in Ethereal, modify it as needed, and play it back on a live network. By deploying several clustered systems, it can even play back multi-node conversations, such as a man-in-the-middle attack. The design of new threats and the organization of threats into a database are also drastically simplified by this system.
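The capture/decompose/modify/recompose loop the abstract describes is, at its core, a parser and an unparser for the capture format and the protocol layers inside it. The example below is added here as an illustration of that idea and is not code from the talk or from Imperfect Networks' Linguistic Platform. It assumes the classic pcap file format (as written by Ethereal) with Ethernet/IPv4/UDP records only, builds its own constructed sample capture so it runs offline, decomposes each record into named fields (including an IPv4 header checksum check, which is how a lab harness notices a hand-edited capture that was never re-checksummed), lets a field be edited, and recomposes a well-formed frame. It does not transmit anything; playback onto a lab network is left to whatever replay tool the lab already uses.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap 2.4 magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload, ttl=64):
    """Serialise Ethernet II + IPv4 + UDP from field values (UDP checksum 0, permitted over IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, ttl, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill in header checksum
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + udp


def build_pcap(frames):
    """Wrap raw frames in a pcap file image: global header plus one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_100_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def decompose_frame(frame: bytes) -> dict:
    """Decompose one Ethernet frame into named fields; layers this example does not model stay raw."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    pkt = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:                      # not IPv4
        pkt["raw"] = frame[14:]
        return pkt
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    pkt.update(src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]),
               ttl=ip[8], proto=ip[9], ip_checksum_ok=(ipv4_checksum(ip) == 0))
    if ip[9] != 17:                              # not UDP
        pkt["raw"] = frame[14 + ihl:]
        return pkt
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[14 + ihl:22 + ihl])
    pkt.update(sport=sport, dport=dport, payload=frame[22 + ihl:14 + ihl + ulen])
    return pkt


def decompose_pcap(data: bytes) -> list:
    """Walk a classic pcap image (either byte order) and decompose every record."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled by this example)")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        off += 16 + incl_len
        pkt = decompose_frame(frame)
        pkt["ts"] = ts_sec + ts_usec / 1e6
        packets.append(pkt)
    return packets


def recompose(pkt: dict) -> bytes:
    """Inverse of decompose_frame for UDP over IPv4; lengths and the IP checksum are recomputed."""
    return build_udp_frame(pkt["src_mac"], pkt["dst_mac"], pkt["src_ip"], pkt["dst_ip"],
                           pkt["sport"], pkt["dport"], pkt["payload"], pkt["ttl"])


def demo() -> dict:
    """Constructed capture -> decompose -> edit two fields -> recompose -> decompose again."""
    # Constructed sample: one UDP datagram to port 53; the payload is a placeholder, not a real query.
    original = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                               "192.0.2.10", "192.0.2.53", 40000, 53, b"query-placeholder")
    pkts = decompose_pcap(build_pcap([original]))
    assert recompose(pkts[0]) == original        # lossless round trip before any edit
    edited = dict(pkts[0], payload=b"EDITED", dst_ip="192.0.2.99")
    return decompose_frame(recompose(edited))    # ip_checksum_ok is True: checksum was regenerated


if __name__ == "__main__":
    print(demo())
```

The point of keeping decomposition and recomposition as separate, inverse functions is that a modification is an edit to a field dictionary, not to raw bytes, so lengths and checksums are regenerated by the unparser and never drift out of sync with the edited content. The same structure extends layer by layer (TCP, application protocols) without touching the pcap walker.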
In this talk, I will introduce a simple and incredibly powerful approach to the scripting, capture, and playback of malicious network traffic, and detail the design goals and considerations of a Linguistic Platform for Threat Development. Some familiarity with linguistics or finite automata will be helpful, but is not required.
- Imperfect Networks
Ben Kurtz is a principal researcher and developer of threat generation and analysis technologies at Imperfect Networks. Earlier, he earned his Masters of Computer Science by applying language theory to the visual analysis of probe data under the DARPA DASADA program, but has since discovered that it's much easier to break something than to fix it. In other incarnations, he has worked on critical systems for power plants, passenger jets, and insurance companies. If you knew him better, this would make you nervous.