Fwd: Security Theater 2/12/12 at 14:00 : Hacking Online Games
Yossi Oren
Sunday, 2 December 2012, at 14:00
Room 146, Labs Build
Abstract:
Fuzzing online games to find interesting bugs requires a unique set of novel techniques.
In a nutshell the lack of direct access to the game server and having to deal with clients that are far too complex to be easily emulated force us to rely on injecting fuzzing data into a legitimate connections rather than use the standard replay execution approach. Top that with heavily encrypted and complex network protocols and you start to see why we had to become creative to succeed :)
In this talk, we will discuss and illustrate the novels techniques we had to develop to be able to fuzz online games, including how to successfully inject data into a gaming sessions and how to instrument the game memory to know that our fuzzing was successful. We will also tell you how to find and reverse the interesting part of the protocol, and how to decide when to perform the injection.
Speaker Bios:
Elie Bursztein is a researcher at Google's Mountain View, Calif. headquarters, where he invents ways to fix the Internet's security and privacy problems. Prior to that as a researcher at Stanford University, Elie designed Wikipedia's CAPTCHA and created Talisman, a Chrome browser extension that enhances security. He is also the inventor of the award-winning game hacking tool Kartograph presented at DEF CON 18 and Security and Privacy 2011.
Patrick Samy is research engineer at Stanford university where he focuses on hardware and system security. He is the lead developer of Kartograph network and scripting engine. He also developed the Kartograph real-time visualization engine.
Recorded at the DEF CON 20 Hacking Conference, Las Vegas NV USA, July 26, 2012