BruCON 2012

In a couple of weeks I’ll be at BruCON (Gent, Belgium) enjoying some talks, meeting interesting people and partying at Sioux (Nerdcore FTW!). Ah, and I will be giving a talk as well ;)

Since I got an unfortunate slot (yes, that’s me right at the end :)) I thought it would be a good idea to give a short sneak peek. This way you can better decide if this is something of interest for you or you want to hit the road instead.

The talk is called “How I met your pointer. Hijacking client software for fuzz and profit”.

An approach to the problem of fuzzing proprietary protocols will be shown, focusing on network protocols and native software (you know, the stuff that is neither an android/iphone app nor a web one).

The main idea behind it is very simple: “in a client/server architecture, the client knows how the protocol works.”

In the course of this talk I will need to combine several methods in order to force the client software to work as a “double agent” against the server. Since several topics will be touched, several people can pick a couple of ideas here and there maybe.


All the code for the presentation will be available online and there will be a demo experiment as well showing how to abuse a  contrived program I wrote for the purpose.


All in all, it will be an interesting and entertaining talk (with maybe a culinary surprise too :P).


I hope to see you there.


P.S. The topic can be a little dry for people that haven’t had previous contact with it so I like to do all my presentations as dynamic as possible and very “colourful”. I’ll let here a couple of slides so you get the look and feel ;)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s