Disrupting factories, missile bases and warships - Exploration into DDS protocol implementations

中文In-PersonVulnerability AnalysisCyberwar

time

06:00 ~ 06:45

site

R0

We discovered and disclosed vulnerabilities in most of the OMG Data Distribution Service (DDS) implementations. We fuzzed and reviewed six of said implementations, found multiple vulnerabilities within them, and also found loopholes in the DDS specification.

We focused on fuzzing network-layer parsers of implementations, and will introduce how we picked targets to test against with, how to overcome difficulties while fuzzing binaries, and how to commence such tests.

In this research, we will take you from knowing nothing about DDS to efficiently researching new vulnerabilities, which we encourage other researchers, users and implementers to do. Also, we’ll be disclosing actual vulnerability details for the first time ever, and insights on exposed endpoints in the Internet.

Ta-Lun Yen

Ta-Lun Yen

Ta-Lun Yen is a security researcher with interests in reverse engineering, protocol analysis, wireless security, embedded and IoT/ICS device security. He has been a member of a Taiwanese InfoSec community "UCCU Hacker" and has presented various research at well-known conferences and events. Ta-Lun is currently working for TXOne Networks with a focus on offensive research.

English interpretations will be provided for all sessions not presented in English.

Agenda Table

Use event local timezone
TimeZone

00:30

  • Attendant Registration Time

01:20

  • Welcome Speech & Event Introduce

02:10

03:00

  • Break

03:15

04:05

  • Lunch

05:00

05:45

  • Break

06:00

06:45

  • Tea Time

07:00

07:25

08:10

  • Break

08:25

09:10

  • Closing

09:25