Updated protocol analysis tool featured at Ruxcon in live attacks
Alex Chapman, a Senior Security Consultant at Context Information Security, will be demonstrating weaknesses in the VMware ESXi binary protocol at this week’s Ruxcon, Australia’s leading computer security conference in Melbourne. By using the latest version of Canape, Context’s powerful protocol analysis tool, Chapman will present various live attack scenarios against vulnerabilities in the VMware protocol.
VMware ESXi is a complex multi-layered protocol that transitions between many protocol states throughout a connection lifetime and uses multiplexed frames, compression and encryption over a single TCP connection. .
New features of Canape that will be used against the ESXi protocol, include traffic interception and initial protocol dissection, data injection to brute force user credentials, fuzzing and full PoC exploitation. "Testing and exploiting binary network protocols can be complex and time consuming," says Context’s Alex Chapman. "More often than not, custom software needs to be developed to proxy, parse and manipulate the target traffic. But rather than spending time creating a complete bespoke program, Canape offers a powerful network protocol analysis tool, which takes the existing paradigm of web application testing tools such as CAT, Burp or Fiddler and applies it to network protocol testing. It provides a user interface that facilitates the capture and replaying of binary network traffic, whilst providing a framework to develop parsers and fuzzers."
Ruxcon, which runs on the 20 and 21 October at the CQ Function Centre in Melbourne, Australia, brings together information security industry experts, academics and enthusiasts from across the Aus-Pacific region with a mix of live presentations, activities and demonstrations. Alex Chapman is presenting at 10.00am on day two.
More information about Ruxcon.
Read the detailed blog post here.
Download Canape v1.1 here.