Description: The Universal Serial Bus (USB) can be found everywhere these days, may it be to connect a mouse or keyboard to the computer, transfer data on a flash drive connected via USB or to attach some additional hardware like a Digital Video Broadcast receiver. Some of these devices use a standardized device class which are served by an operating system default driver while other, special purpose devices, do not fit into any of those classes, so vendors ship their own drivers. As every vendor specific USB driver installed on a system adds additional attack surface, there needs to be some method to evaluate the stability and the security of those vendor proprietary drivers. The simplest way to perform a stability analysis of closed source products is the fuzzing approach. As there have been no publicly available tools for performing USB host driver fuzzing, I decided to develop one , building on Sergey’s and Travis’ legendary Troopers13 talk. Be prepared to learn a lot about USB specifics, and to see quite a number of blue screens and stack traces on major server operating systems…
BIO: Daniel Mende is an ERNW security researcher specialized on network protocols and technologies. He s well known for his routing protocol attack tool LOKI, the DIZZY fuzzing framework and a bunch of testing tools from the 3GPP domain. He has presented on protocol security at many occasions including Troopers, Blackhat, CCC, HackInTheBox and ShmooCon. Usually he releases a new tool when giving a talk.
For More Information please visit : - https://www.troopers.de
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.