Scapy_Dojo_V_1 (DEF CON 27 workshop)
HUGO TROVAO
&
RUSHIKESH D. NANDEDKAR
Introduction
What is Scapy?
A tool? A library?
• Maybe a set of functions helping in generating traffic for specific protocols
Anatomy of scapy for our purpose
Scapy is a flexible tool to manipulate packets.
Packets are made of layers.
Layers are made of fields.
Scapy helps us craft packets with the layers of our desire and fields of our choice.
Layers and Fields
• What is a layer?
  • A unit of a packet
  • Ex: Ether()/IP()/TCP()/Raw(payload)
• What is a field?
  • Layers are composed of logical parts (fields)
  • Ex: IP(src="10.0.0.1")
• "Automatic" fields
  • Some layers have fields that are computed in context when the packet is built
  • Ex: TCP(chksum=0x0bad) # forcing the value generates an invalid packet
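What "computed in context" means in practice, as an added example (not from the slides, plain Python with no Scapy dependency): the IPv4 header checksum built the way Scapy's automatic chksum field is, verified the way a receiving stack verifies it, and then forced to the slide's 0x0bad to show why that packet is invalid. The addresses and identification value are constructed sample values.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, as used by IP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip4(addr: str) -> bytes:
    """Dotted quad -> 4 network-order bytes."""
    return bytes(int(octet) for octet in addr.split("."))


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, chksum=None) -> bytes:
    """Minimal 20-byte IPv4 header without options (constructed sample values).

    chksum=None means "automatic": the field is computed in context, which is
    what Scapy does when IP().chksum is left unset and show2()/bytes() is called.
    Passing a value forces it, like the chksum=0x0bad example on the slide.
    """
    ver_ihl = (4 << 4) | 5                   # IPv4, 5 x 32-bit words
    fields = struct.pack("!BBHHHBBH4s4s",
                         ver_ihl, 0, 20 + payload_len, 0x1234, 0x4000,
                         64, proto, 0, ip4(src), ip4(dst))   # checksum field zeroed
    if chksum is None:
        chksum = internet_checksum(fields)
    return fields[:10] + struct.pack("!H", chksum) + fields[12:]


def ipv4_checksum_ok(header: bytes) -> bool:
    """Receiver-side check: the checksum of a valid header, field included, folds to 0."""
    return internet_checksum(header) == 0


if __name__ == "__main__":
    good = build_ipv4_header("10.0.0.1", "10.0.0.2", 6, 0)
    forced = build_ipv4_header("10.0.0.1", "10.0.0.2", 6, 0, chksum=0x0BAD)
    print("automatic:", good[10:12].hex(), ipv4_checksum_ok(good))
    print("forced   :", forced[10:12].hex(), ipv4_checksum_ok(forced))
```

pkt.show() prints such a field as None before the build and pkt.show2() prints the computed value; a forced bad checksum is exactly what a receiving IP stack silently drops, which is why rewritten or replayed captures have to be rebuilt rather than byte-patched.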
Scapy basics
Packet building in scapy
• Packets are constructed with parameterized layers.
  • Ex: IP(dst="10.0.0.1")/TCP(dport=8080)
• The fields of a layer can be accessed and changed to update an existing packet.
  • Ex: pkt[IP].dst = "10.0.0.2"
Displaying packets
• There are 2 modes of displaying packets:
  - before "automatic" fields computation (pkt.show())
  - after "automatic" fields computation (pkt.show2()) [this is what goes on the wire!]
• hexdump(pkt) will print the packet in hex.
• pkt.summary() will show a short summary of the packet.
• ls(IP, verbose=True) # list protocol fields.
• bytes(pkt) returns pkt in its wire bytes representation.
Sending packets
• Scapy allows sending packets and frames.
• For the data link layer, the prime keyword to send a frame is "sendp".
  • sendp(layer2_pkt)
• For the network layer, the keyword to send a packet is "send".
  • send(layer3_pkt)
Receiving packets
• Packets/frames can be sniffed from wire/air.
  • sniff(count=0, store=True, offline=None, prn=None, lfilter=None, L2socket=None, timeout=None, opened_socket=None, stop_filter=None, iface=None, started_callback=None, *arg, **karg)
…
• Packets can be received as the response to a sent packet:
• srp(pkt) will send pkt and return the response packets at layer 2
• srp1(pkt) will send pkt and return one response packet at layer 2
• sr(pkt) will send pkt and return the response packets at layer 3
• sr1(pkt) will send pkt and return one response packet at layer 3
• sr/srp return (ans, unans), where ans is a list of (sent, answ) pairs
• rdpcap(filename, count=-1) reads a pcap file and returns a list of packets
DHCP Servers
DHCP protocol
A different approach - Server
• Sniff DHCP traffic with scapy
• "Reverse-engineer" reply packets and use these as your "template" packets
• Modify them to your needs (DNS server/gateway address/...)
• Reply to DHCP request packets in the network with your modified packets
Video
A different approach - Client
• Sniff DHCP traffic with scapy
• "Reverse-engineer" request packets and use these as your "template" packets
• Modify them to your needs (hw address)
• Reply to DHCP request packets in the network with your modified packets
Video
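The server slides turn sniffed replies into templates; the defender's counterpart of that dissection, as an added example that is not part of the workshop material, is to parse the same OFFER/ACK packets and check where they come from. The code below is standard-library Python (no Scapy): it builds constructed sample replies, dissects the BOOTP header and the option TLVs, and flags any reply whose Server Identifier (option 54) is not on an allowlist. The allowlist, addresses, MAC and transaction id are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 6, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

# Constructed allowlist for this example: the DHCP server(s) that are supposed to exist.
AUTHORIZED_SERVERS = {"10.0.0.1"}


def build_dhcp_reply(xid, yiaddr, server_id, router, dns, msg_type=2,
                     chaddr=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed BOOTP reply (op=2) carrying the DHCP options a client acts on.

    Sample traffic for the detector below; on a real network these bytes come
    from sniffing UDP 67 -> 68.
    """
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, xid, 0, 0,
                        b"\0" * 4, IPv4Address(yiaddr).packed,      # ciaddr, yiaddr
                        IPv4Address(server_id).packed, b"\0" * 4,   # siaddr, giaddr
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed
    opts += bytes([OPT_ROUTER, 4]) + IPv4Address(router).packed
    opts += bytes([OPT_DNS, 4]) + IPv4Address(dns).packed
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(payload):
    """Dissect the fixed BOOTP header and the option TLVs of one UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:            # pad option, single byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": str(IPv4Address(payload[16:20])),
            "chaddr": payload[28:28 + hlen].hex(":"), "options": options}


def classify_reply(payload, authorized=AUTHORIZED_SERVERS):
    """Detection: an OFFER/ACK whose Server Identifier is not on the allowlist is a rogue server.

    Returns None for anything that is not a server reply.
    """
    msg = parse_dhcp(payload)
    mtype = MSG_TYPES.get(msg["options"].get(OPT_MSG_TYPE, b"\0")[0], "UNKNOWN")
    if msg["op"] != 2 or mtype not in ("OFFER", "ACK"):
        return None
    server_id = str(IPv4Address(msg["options"].get(OPT_SERVER_ID, b"\0\0\0\0")))
    router = str(IPv4Address(msg["options"].get(OPT_ROUTER, b"\0\0\0\0")))
    dns = str(IPv4Address(msg["options"].get(OPT_DNS, b"\0\0\0\0")))
    return {"type": mtype, "xid": msg["xid"], "client": msg["chaddr"], "offered": msg["yiaddr"],
            "server_id": server_id, "router": router, "dns": dns,
            "verdict": "ok" if server_id in authorized else "ROGUE"}


if __name__ == "__main__":
    legit = build_dhcp_reply(0x3903F326, "10.0.0.50", "10.0.0.1", "10.0.0.1", "10.0.0.1")
    rogue = build_dhcp_reply(0x3903F326, "10.0.0.50", "10.0.0.66", "10.0.0.66", "10.0.0.66")
    for pkt in (legit, rogue):
        print(classify_reply(pkt))
```

The router and DNS options are reported alongside the verdict because those are the two values a template-based rogue server changes; logging them with the client MAC and transaction id gives an incident responder what they need to find the affected clients.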
DNS Servers
DNS/mDNS query viewer
• Sniff some DNS/mDNS traffic
• Dissect and understand the protocol
• Implement a viewer for DNS and/or mDNS queries
  - DNS: 53/udp
  - mDNS: 5353/udp
• mDNS uses a multicast destination IP
• The protocols are similar
Video
DNS/mDNS query responder
• Check {dns,mdns}-responder.py for DNS and/or mDNS query responders
  - DNS: 53/udp
  - mDNS: 5353/udp
• mDNS uses a multicast destination IP
• Reply to DNS/mDNS traffic on your network
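A minimal version of the query viewer, as an added example in standard-library Python rather than the workshop's Scapy-based one (not the workshop's code): it encodes a question (only to construct sample traffic), decodes names including the compression pointers that appear in answers, and lists the questions of a UDP payload tagged DNS or mDNS by destination port and multicast address. The sample names and transaction ids are constructed.

```python
import struct

DNS_PORT, MDNS_PORT = 53, 5353
MDNS_GROUP = "224.0.0.251"            # mDNS multicast destination (IPv4)
QTYPES = {1: "A", 12: "PTR", 16: "TXT", 28: "AAAA", 33: "SRV"}


def encode_name(name):
    """'host.local' -> b'\\x04host\\x05local\\x00' (length-prefixed labels, root label last)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1, mdns=False):
    """Constructed standard query: 12-byte header with QDCOUNT=1, then one question."""
    flags = 0x0000 if mdns else 0x0100     # unicast DNS sets RD; mDNS queries use id 0 and RD=0
    header = struct.pack("!HHHHHH", 0 if mdns else txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(data, offset):
    """Decode labels at offset; follows 0xC0 compression pointers with a loop guard."""
    labels, end, jumps = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:          # pointer: 14-bit offset into the message
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            if end is None:                # the name ends after the first pointer
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def view_queries(payload, dst_ip, dst_port):
    """The viewer: list the questions in one UDP payload, tagged DNS or mDNS by destination."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:                     # QR=1: a response, not a query
        return []
    proto = "mDNS" if (dst_port == MDNS_PORT and dst_ip == MDNS_GROUP) else "DNS"
    rows, offset = [], 12
    for _ in range(qdcount):
        name, offset = decode_name(payload, offset)
        qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
        offset += 4
        rows.append({"proto": proto, "id": txid, "qname": name,
                     "qtype": QTYPES.get(qtype, str(qtype)),
                     "unicast_response": bool(qclass & 0x8000)})   # mDNS "QU" bit
    return rows


if __name__ == "__main__":
    for row in view_queries(build_query(0x1A2B, "example.com"), "10.0.0.53", DNS_PORT):
        print(row)
    for row in view_queries(build_query(0, "_http._tcp.local", 12, mdns=True), MDNS_GROUP, MDNS_PORT):
        print(row)
```

With Scapy the payload, destination IP and port come from sniff(filter="udp port 53 or udp port 5353", prn=...) via pkt[IP].dst, pkt[UDP].dport and bytes(pkt[UDP].payload); the pointer-loop guard matters because a sniffer that follows pointers without one can be hung by a single crafted packet.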
Video
AJP13
Apache JServ Protocol version 1.3
• Communication protocol between web servers and servlet containers
• Packet-oriented protocol
• Binary format to increase performance
• TCP communication with persistent connections
  - Default port: tcp/8009
Making an AJP13 layer
https://tomcat.apache.org/connectors-doc-archive/jk2/common/AJPv13.html
Forward Request Packet
Strings are Pascal Strings
Message Types
HTTP method and headers
Attributes
Response Packets
Response headers
Get body chunk
• The container asks for more data from the request (if the body was too large to fit in the first packet sent over, or when the request is chunked). The server will send a body packet back with an amount of data which is the minimum of the request_length, the maximum send body size (8186 (8 Kbytes - 6)), and the number of bytes actually left to send from the request body.
• If there is no more data in the body (i.e. the servlet container is trying to read past the end of the body), the server will send back an "empty" packet, which is a body packet with a payload length of 0. (0x12,0x34,0x00,0x00)
AJP13 - Layers
Layers
• Layers are made by describing fields. Each layer has 3 different representations:
  - Human (h)
  - Internal (i)
  - Machine (m)
• The functions to implement in a layer to customize the construction of the packet representations are: i2m, m2i, h2i, i2h, ...
Fields
• Fields are made by describing their representation on the wire and for internal use.
• addfield(pkt, s, val) and getfield(pkt, s) are called for adding a field to, or getting a field from, a layer
Processing
fields
# Hook methods of Scapy's Packet class that a custom layer can override
def post_build(self, pkt, pay):
    """
    DEV: called right after the current layer is built.
    :param str pkt: the current packet (built by the self_build function)
    :param str pay: the packet payload (built by the do_build_payload function)
    :return: a string of the packet with the payload
    """
    return pkt + pay

def dissection_done(self, pkt):
    """DEV: will be called after a dissection is completed"""
    self.post_dissection(pkt)
    self.payload.dissection_done(pkt)

def post_dissection(self, pkt):
    """DEV: is called after the dissection of the whole packet"""
    pass

def post_dissect(self, s):
    """DEV: is called right after the current layer has been dissected"""
    return s

def pre_dissect(self, s):
    """DEV: is called right before the current layer is dissected"""
    return s
What to implement
• AJP13Header
• AJP13ForwardRequest
• Pascal String Field
• Data length calculation
Video
AJP13 - Fuzzing
Rand generators
• Fuzzing fields with Rand...() generators is easy
• Use RandInt(), RandShort(), RandIP(), RandString(), ... on the fields we want to fuzz
1) Loop sending the packet
   1) Every time the packet is built, Scapy calls the generators and creates new random values
   2) Don't forget to save the packets for posterior analysis [after an anomaly]
2) Observe the logs in the fuzzed application
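The four items of the AJP13 "What to implement" list (header, forward request, Pascal string field, data length calculation) and the Rand-generator fuzz loop, as one added example in standard-library Python rather than as Scapy layers; this is not the workshop's code. put_string/get_string play the roles of addfield/getfield for the Pascal string field, ajp_packet fills in the data length of the header, forward_request/parse_forward_request build and dissect the Forward Request (header names are sent as plain strings; 0xA0-coded names are only recognised on the way in), body_chunk_reply implements the Get Body Chunk rule from the slide, and fuzz_templates imitates RandShort()/RandString() with a seeded generator and keeps every packet so the one that preceded an anomaly in the Tomcat logs can be replayed. Addresses, names and the seed are constructed; nothing here opens a socket.

```python
import random
import struct

MAGIC_TO_CONTAINER = b"\x12\x34"      # web server -> servlet container
MAGIC_TO_SERVER = b"AB"               # servlet container -> web server
FORWARD_REQUEST, GET_BODY_CHUNK = 2, 6
MAX_SEND_BODY = 8186                  # 8 KiB - 6, the limit quoted on the slide
METHODS = {"OPTIONS": 1, "GET": 2, "HEAD": 3, "POST": 4, "PUT": 5, "DELETE": 6}


def put_string(s):
    """Pascal string on the wire: 2-byte length, bytes, NUL; a null string is 0xFFFF with no NUL."""
    if s is None:
        return b"\xff\xff"
    raw = s.encode("latin-1")
    return struct.pack("!H", len(raw)) + raw + b"\x00"


def get_string(buf, off):
    """Inverse of put_string: (value, next_offset); rejects truncated or unterminated strings."""
    (n,) = struct.unpack("!H", buf[off:off + 2])
    if n == 0xFFFF:
        return None, off + 2
    raw = buf[off + 2:off + 2 + n]
    if len(raw) != n or buf[off + 2 + n:off + 3 + n] != b"\x00":
        raise ValueError("truncated or unterminated AJP13 string")
    return raw.decode("latin-1"), off + 3 + n


def ajp_packet(payload, magic=MAGIC_TO_CONTAINER):
    """AJP13 header: magic + data length, computed from the payload at build time."""
    return magic + struct.pack("!H", len(payload)) + payload


def forward_request(method, uri, headers, remote_addr="10.0.0.7", server_name="localhost",
                    port=80, protocol="HTTP/1.1"):
    """Forward Request (prefix 2): method code, Pascal strings, port, is_ssl, headers, 0xFF end."""
    body = bytes([FORWARD_REQUEST, METHODS[method]])
    body += put_string(protocol) + put_string(uri) + put_string(remote_addr)
    body += put_string(None)                                           # remote_host: null string
    body += put_string(server_name) + struct.pack("!H", port) + b"\x00"  # is_ssl = false
    body += struct.pack("!H", len(headers))
    for name, value in headers:
        body += put_string(name) + put_string(value)
    return ajp_packet(body + b"\xff")                                  # no attributes


def parse_forward_request(pkt):
    """Dissect a Forward Request; the declared data length must match the packet size."""
    magic, (length,) = pkt[:2], struct.unpack("!H", pkt[2:4])
    if magic != MAGIC_TO_CONTAINER or length != len(pkt) - 4:
        raise ValueError("bad AJP13 header or data length")
    if pkt[4] != FORWARD_REQUEST:
        raise ValueError("not a Forward Request")
    method = {code: name for name, code in METHODS.items()}[pkt[5]]
    off = 6
    protocol, off = get_string(pkt, off)
    uri, off = get_string(pkt, off)
    remote_addr, off = get_string(pkt, off)
    _remote_host, off = get_string(pkt, off)
    server_name, off = get_string(pkt, off)
    (port,) = struct.unpack("!H", pkt[off:off + 2])
    is_ssl, off = bool(pkt[off + 2]), off + 3
    (num_headers,) = struct.unpack("!H", pkt[off:off + 2])
    off += 2
    headers = []
    for _ in range(num_headers):
        if pkt[off] == 0xA0:                 # well-known header name coded as 0xA0xx
            name, off = "coded:0x%02x" % pkt[off + 1], off + 2
        else:
            name, off = get_string(pkt, off)
        value, off = get_string(pkt, off)
        headers.append((name, value))
    return {"method": method, "protocol": protocol, "uri": uri, "remote_addr": remote_addr,
            "server_name": server_name, "server_port": port, "is_ssl": is_ssl, "headers": headers}


def body_chunk_reply(request_body, sent_so_far, requested):
    """Answer to Get Body Chunk: min(request_length, 8186, bytes left), or the empty packet."""
    n = min(requested, MAX_SEND_BODY, len(request_body) - sent_so_far)
    if n <= 0:
        return b"\x12\x34\x00\x00"           # body exhausted: payload length 0
    return ajp_packet(struct.pack("!H", n) + request_body[sent_so_far:sent_so_far + n])


def fuzz_templates(seed, count):
    """Rand*-style generators drawn fresh per build; every packet is kept with (seed, index)."""
    rng = random.Random(seed)
    rand_string = lambda: "".join(chr(rng.randrange(0x20, 0x7F)) for _ in range(rng.randrange(0, 64)))
    rand_short = lambda: rng.randrange(0, 0x10000)
    saved = []
    for i in range(count):
        pkt = forward_request(rng.choice(sorted(METHODS)), "/" + rand_string(),
                              [("Host", rand_string()), (rand_string(), rand_string())],
                              port=rand_short())
        saved.append((seed, i, pkt))
    return saved
```

The saved list is the "save for posterior analysis" step: because the generator is seeded, fuzz_templates(seed, n)[i] regenerates the exact packet that preceded an anomaly, which is what you replay against the lab VM while watching logs/ under the Tomcat directory.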
What to implement - AJP13 as Web Server
• Generate a fuzzing template with Rand generators with AJP13ForwardRequests
• Fuzz the ajp13 service of Tomcat on the VM
  - /opt/apache-tomcat-.../
  • bin/catalina.sh start
• Observe logs
  - logs/
Video
What to implement - AJP13 as Servlet Container
• Check the test_as_server.py example, and customize it
  - Launch it; it will listen on 8009/tcp and reply to web server requests in the AJP protocol
• Launch Apache httpd
  - Configure httpd with the lines from the config in the sources directory
  • Configure modules and insert a ProxyPass directive for ajp13
  - bin/httpd -X
• Start making requests to the Apache AJP endpoint
  - while [[ 1 ]] ; do curl localhost/ajp; done
• Observe logs
Video
LoRaWAN
LoRaWAN
• LoRaWAN is a protocol on top of the LoRa modulation
• Used in IoT
• Used in a star topology
• Essential components
  - Application server
  - Gateway
  - Node
LoRaWAN - Our setup
• End Nodes use LoRa modulation to talk to the Gateway
• The Gateway uses the 1700/udp port to talk to the application server
  - Semtech protocol
• The LoRaWAN protocol is used for End Nodes to talk to the Application Server
LoRaWAN - Our setup
• LoRaWAN payloads are encrypted with AES
• End Nodes can join the network with:
  - ABP (pre-shared keys)
  - OTAA (keys are exchanged in JoinRequests)
• The communication between the Node and the Application server is encrypted. The Node talks to the Gateway through LoRa and the Gateway uses the Internet to reach the application server.
• The Gateway talks to the Application server using messages with gateway and reception information and the received message from the node. In our case it's the SemtechUDP protocol and LoRaWAN 1.0.1.
LoRaWAN - Our setup - Protocol
• LoRaWAN Class-A, Version 1.0.1
• https://lora-alliance.org/resource-hub/lorawanr-specification-v101
Protocol Layers
SemtechUDP
• UDP based communication on port 1700
• Based on a binary header and JSON payloads
  - we'll be interested in the data of the JSON payload where the LoRaWAN protocol is being exchanged
• https://github.com/Lora-net/packet_forwarder/blob/master/PROTOCOL.TXT
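Dissecting what the gateway sends on 1700/udp, as an added example in standard-library Python (not the workshop's Scapy dissectors): the Semtech PUSH_DATA datagram from PROTOCOL.TXT (binary header, then the packet forwarder's JSON with the frame base64-encoded in rxpk[].data), the PUSH_ACK the application server answers with, and the LoRaWAN 1.0.1 PHYPayload carried inside (MHDR, FHDR, FPort, MIC; Join Request fields for MType 0). The gateway EUI, DevAddr, token and frame bytes are constructed sample values, and the FRMPayload in the sample is arbitrary bytes standing in for the AES-encrypted payload.

```python
import base64
import json
import struct

PROTOCOL_VERSION = 2
PUSH_DATA, PUSH_ACK = 0x00, 0x01
MTYPES = ["Join Request", "Join Accept", "Unconfirmed Data Up", "Unconfirmed Data Down",
          "Confirmed Data Up", "Confirmed Data Down", "RFU", "Proprietary"]


def build_push_data(token, gateway_eui, phy_payload, rssi=-42):
    """Constructed PUSH_DATA: version(1) token(2) id(1) gateway EUI(8), then the forwarder's JSON
    with the PHYPayload base64-encoded in rxpk[].data (other rxpk fields are sample values)."""
    rxpk = {"rxpk": [{"tmst": 1234567, "freq": 868.1, "modu": "LORA", "datr": "SF7BW125",
                      "rssi": rssi, "size": len(phy_payload),
                      "data": base64.b64encode(phy_payload).decode("ascii")}]}
    header = struct.pack("!BHB", PROTOCOL_VERSION, token, PUSH_DATA)
    return header + gateway_eui + json.dumps(rxpk).encode()


def push_ack(datagram):
    """The application server's reply: same version and token, identifier PUSH_ACK, no payload."""
    return datagram[:3] + bytes([PUSH_ACK])


def parse_push_data(datagram):
    """Binary header + JSON body; returns the raw LoRaWAN frames carried in this datagram."""
    version, token, ident = struct.unpack("!BHB", datagram[:4])
    if version != PROTOCOL_VERSION or ident != PUSH_DATA:
        raise ValueError("not a protocol v2 PUSH_DATA datagram")
    body = json.loads(datagram[12:])
    frames = [base64.b64decode(pkt["data"]) for pkt in body.get("rxpk", [])]
    return {"token": token, "gateway_eui": datagram[4:12].hex(), "phy_payloads": frames}


def parse_lorawan(phy):
    """LoRaWAN 1.0.1 PHYPayload = MHDR(1) | MACPayload | MIC(4).

    For data frames MACPayload = FHDR(DevAddr, FCtrl, FCnt, FOpts) | FPort | FRMPayload.
    FRMPayload stays AES-encrypted and the MIC can only be verified with NwkSKey, so a
    passive observer (and this parser) sees metadata only: device address, counter, sizes.
    """
    if len(phy) < 5:
        raise ValueError("PHYPayload too short")
    mhdr, mac, mic = phy[0], phy[1:-4], phy[-4:]
    mtype, major = mhdr >> 5, mhdr & 0x03
    out = {"mtype": MTYPES[mtype], "major": major, "mic": mic.hex()}
    if mtype == 0:                      # Join Request: AppEUI(8) DevEUI(8) DevNonce(2), little-endian
        if len(mac) != 18:
            raise ValueError("bad Join Request length")
        out.update(appeui=mac[0:8][::-1].hex(), deveui=mac[8:16][::-1].hex(),
                   devnonce=struct.unpack("<H", mac[16:18])[0])
        return out
    if len(mac) < 7:
        raise ValueError("MACPayload too short for FHDR")
    devaddr, fctrl, fcnt = struct.unpack("<IBH", mac[:7])
    fopts_len = fctrl & 0x0F
    rest = mac[7 + fopts_len:]          # FPort (if present) followed by FRMPayload
    out.update(devaddr="%08X" % devaddr, adr=bool(fctrl & 0x80), fcnt=fcnt,
               fopts=mac[7:7 + fopts_len].hex(),
               fport=rest[0] if rest else None, frm_payload_len=max(len(rest) - 1, 0))
    return out


if __name__ == "__main__":
    # Constructed uplink: MHDR 0x40, DevAddr 0x26011BDA, FCtrl ADR, FCnt 7, FPort 1, 4 payload bytes, MIC
    sample = bytes.fromhex("40" "da1b0126" "80" "0700" "01" "deadbeef" "11223344")
    datagram = build_push_data(0xBEEF, bytes.fromhex("aa555a0000000101"), sample)
    for frame in parse_push_data(datagram)["phy_payloads"]:
        print(parse_lorawan(frame))
```

The 16-bit FCnt on the wire is the low half of a 32-bit counter the network keeps; a server that verifies the MIC and rejects frames whose counter does not advance is what stops a recorded uplink from being accepted twice, so the counter is the first field worth watching in a sniffed feed.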
In practice
• Use the VM and:
  - Unpack the IQ samples zip to /tmp
  - Build and install gr-lora
  - Launch scapy-radio and use the LoRa radio module
  - gnuradio.sniffradio(radio="LoRa")
  - Dissect the sniffed packets
Video

 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Recently uploaded (20)

Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

DEF CON 27 - workshop - HUGO TROVAO and RUSHIKESH NANDEDKAR - scapy dojo v1

  • 2. Introduction
    What is Scapy? A tool? A library?
    • Maybe a set of functions helping in generating traffic for specific protocols ./../
  • 3. Anatomy of scapy for our purpose
    Scapy is a flexible tool to manipulate packets. Packets are made of layers. Layers are made of fields. Scapy helps us craft packets with the layers of our desire and fields of our choice.
  • 4. Layers and Fields
    • What is a layer?
      - A unit of a packet
      - Ex: Ether()/IP()/TCP()/Raw(payload)
    • What is a field?
      - Layers are composed of logical parts (fields)
      - Ex: IP(src="10.0.0.1")
    • "Automatic" fields
      - Some layers have fields that are computed in context
      - Ex: TCP(chksum=0x0bad)  # this generates an invalid packet
  • 6. Packet building in scapy
    • Packets are constructed with parameterized layers.
      - Ex: IP(dst="10.0.0.1")/TCP(dport=8080)
    • Layer fields can be accessed and changed to update an existing layer.
      - Ex: pkt[IP].dst = "10.0.0.2"
  • 7. Displaying packets
    • There are 2 modes of displaying packets:
      - before "automatic" fields computation (pkt.show())
      - after "automatic" fields computation (pkt.show2()) [this is what goes on the wire!]
    • hexdump(pkt) will print the packet in hex.
    • pkt.summary() will show a short summary of the packet.
    • ls(IP, verbose=True)  # list protocol fields.
    • bytes(pkt) returns pkt in its wire bytes representation.
  • 8. Sending packets
    • Scapy allows sending packets and frames.
    • For the data link layer, the keyword to send a frame is "sendp".
      - sendp(layer2_pkt)
    • For the network layer, the keyword to send a packet is "send".
      - send(layer3_pkt)
  • 9. Receiving packets
    • Packets/frames can be sniffed from wire/air.
      - sniff(count=0, store=True, offline=None, prn=None, lfilter=None, L2socket=None, timeout=None, opened_socket=None, stop_filter=None, iface=None, started_callback=None, *arg, **karg)
  • 10. …
    • Packets can be received as the response to a sent packet:
      - srp(pkt) will send pkt and return the response packets at layer 2
      - srp1(pkt) will send pkt and return one response packet at layer 2
      - sr(pkt) will send pkt and return the response packets at layer 3
      - sr1(pkt) will send pkt and return one response packet at layer 3
      - These return (ans, unans), where ans holds (sent, answ) pairs
    • rdpcap(filename, count=-1) reads a pcap file and returns a list of packets
  • 13. A different approach - Server
    • Sniff DHCP traffic with scapy
    • "Reverse-engineer" reply packets and use them as your "template" packets
    • Modify them to your needs (DNS server / gateway address / ...)
    • Reply to DHCP request packets in the network with your modified packets
  • 14. Video
  • 15. A different approach - Client
    • Sniff DHCP traffic with scapy
    • "Reverse-engineer" request packets and use them as your "template" packets
    • Modify them to your needs (hw address)
    • Reply to DHCP request packets in the network with your modified packets
  • 16. Video
  • 18. DNS/mDNS query viewer
    • Sniff some DNS/mDNS traffic
    • Dissect and understand the protocol
    • Implement a viewer for DNS and/or mDNS queries
      - DNS: 53/udp
      - mDNS: 5353/udp
    • Uses a multicast destination IP (mDNS)
    • The protocols are similar
  • 19. Video
  • 20. DNS/mDNS query responder
    • Check {dns,mdns}-responder.py for DNS and/or mDNS query responders
      - DNS: 53/udp
      - mDNS: 5353/udp
    • Uses a multicast destination IP (mDNS)
    • Reply to DNS/mDNS traffic on your network
  • 21. Video
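The "dissect and understand the protocol" step of the DNS/mDNS viewer (slide 18), as an added example that is not part of the workshop's own sources: a plain-Python parser for the question section of a query, fed the UDP payload of a 53/udp or 5353/udp packet. It does not use scapy, and the mDNS query bytes below are constructed for the example.

```python
import struct

QTYPES = {1: "A", 12: "PTR", 28: "AAAA", 33: "SRV", 255: "ANY"}

# Constructed sample: an mDNS query with two questions; the second name reuses
# "_tcp.local" from the first via a compression pointer to offset 18 (0xC012).
SAMPLE_MDNS_QUERY = (
    b"\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00"  # id 0, flags 0, qdcount 2
    b"\x05_http\x04_tcp\x05local\x00\x00\x0c\x80\x01"     # _http._tcp.local PTR, QU bit
    b"\x04_ipp\xc0\x12\x00\x0c\x00\x01"                   # _ipp + pointer, PTR, IN
)


def read_name(msg, off):
    """Decode a DNS name at offset `off`, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appears in the message)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                 # 2-byte pointer into an earlier name
            hops += 1
            if hops > 16:                    # a looping pointer must not hang the viewer
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        if n == 0:
            return ".".join(labels), (end if end is not None else off + 1)
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def parse_queries(msg):
    """Return (transaction id, [(name, qtype, unicast_response)]) for a query;
    responses (QR bit set) yield an empty question list."""
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000:
        return txid, []
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        # mDNS reuses the top bit of QCLASS as the "unicast response" flag (RFC 6762)
        questions.append((name, QTYPES.get(qtype, str(qtype)), bool(qclass & 0x8000)))
    return txid, questions


if __name__ == "__main__":
    print(parse_queries(SAMPLE_MDNS_QUERY))
```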
  • 22. AJP13
  • 23. Apache JServ Protocol version 1.3
    • Communication protocol between web servers and servlet containers
    • Packet-oriented protocol
    • Binary format to increase performance
    • TCP communication with persistent connections
      - Default port: tcp/8009
  • 31. Get body chunk
    • The container asks for more data from the request (if the body was too large to fit in the first packet sent over, or when the request is chunked). The server will send a body packet back with an amount of data which is the minimum of the request_length, the maximum send body size (8186 (8 Kbytes - 6)), and the number of bytes actually left to send from the request body.
    • If there is no more data in the body (i.e. the servlet container is trying to read past the end of the body), the server will send back an "empty" packet, which is a body packet with a payload length of 0. (0x12,0x34,0x00,0x00)
  • 33. Layers
    • Layers are made by describing fields. Each layer has 3 different representations:
      - Human (h)
      - Internal (i)
      - Machine (m)
    • The functions to implement in a layer to customize the construction of the packet representations are: i2m, m2i, h2i, i2h, ...
  • 34. Fields
    • Fields are made by describing their representation on the wire and for internal use.
    • addfield(pkt, s, val) and getfield(pkt, s) are called for adding a field to, or getting a field from, a layer
  • 35. Processing fields
    # Hook methods of scapy's Packet class; override them in your own layer.
    def post_build(self, pkt, pay):
        """
        DEV: called right after the current layer is built.

        :param str pkt: the current packet (built by the self_build function)
        :param str pay: the packet payload (built by the do_build_payload function)
        :return: a string of the packet with the payload
        """
        return pkt + pay

    def dissection_done(self, pkt):
        """DEV: will be called after a dissection is completed"""
        self.post_dissection(pkt)
        self.payload.dissection_done(pkt)

    def post_dissection(self, pkt):
        """DEV: is called after the dissection of the whole packet"""
        pass

    def post_dissect(self, s):
        """DEV: is called right after the current layer has been dissected"""
        return s

    def pre_dissect(self, s):
        """DEV: is called right before the current layer is dissected"""
        return s
  • 36. What to implement
    • AJP13Header
    • AJP13ForwardRequest
    • Pascal String Field
    • Data length calculation
  • 37. Video
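The pieces slides 31 to 36 ask you to implement (the AJP13 header with its data length computed at build time, the Pascal string field, and the Get Body Chunk rule), as an added example that is not the workshop's own code: a stand-alone Python model whose method names mirror scapy's h2i/i2m/addfield/getfield convention but which does not import scapy, so it runs anywhere. The constants come from slide 31; the class and function names are this example's own.

```python
import struct

# Constants from slide 31: magic of server -> container packets, and the largest
# body chunk (8 KiB minus the 4-byte header and the 2-byte data length).
AJP_MAGIC_TO_CONTAINER = b"\x12\x34"
MAX_SEND_BODY = 8186


class PascalStringField:
    """AJP13 string: 2-byte length, the bytes, a 0x00 terminator; 0xFFFF is null.
    Method names mirror scapy's field API; this class does not use scapy."""

    def h2i(self, val):          # human (str) -> internal (bytes or None)
        return None if val is None else val.encode()

    def i2h(self, val):          # internal -> human
        return None if val is None else val.decode()

    def i2m(self, val):          # internal -> machine (wire bytes)
        if val is None:
            return b"\xff\xff"
        return struct.pack("!H", len(val)) + val + b"\x00"

    def addfield(self, s, val):  # append the wire form of val to the buffer s
        return s + self.i2m(val)

    def getfield(self, s):       # consume one field from s -> (rest, internal)
        (n,) = struct.unpack("!H", s[:2])
        if n == 0xFFFF:
            return s[2:], None
        if len(s) < 3 + n or s[2 + n] != 0:
            raise ValueError("truncated or unterminated AJP13 string")
        return s[3 + n:], s[2:2 + n]


def ajp_frame(payload):
    """post_build analogue: the data length is computed when the packet is built."""
    return AJP_MAGIC_TO_CONTAINER + struct.pack("!H", len(payload)) + payload


def ajp_unframe(pkt):
    """Validate magic and length before trusting a frame (raises on bad input)."""
    (length,) = struct.unpack("!H", pkt[2:4])
    if pkt[:2] != AJP_MAGIC_TO_CONTAINER or len(pkt) != 4 + length:
        raise ValueError("bad AJP13 frame")
    return pkt[4:]


def body_chunk(body, offset, request_length):
    """Answer Get Body Chunk: min(request_length, MAX_SEND_BODY, bytes left);
    once the body is exhausted, send the empty body packet 12 34 00 00."""
    left = len(body) - offset
    if left <= 0:
        return ajp_frame(b"")
    n = min(request_length, MAX_SEND_BODY, left)
    return ajp_frame(struct.pack("!H", n) + body[offset:offset + n])
```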
  • 39. Rand generators
    • Fuzzing fields with Rand...() generators is easy
    • Use RandInt(), RandShort(), RandIP(), RandString(), ... on the fields we want to fuzz
      1) Loop sending a packet
         1) Every time the packet is built it calls the generators and creates new random values
         2) Don't forget to save packets for later analysis [after an anomaly]
      2) Observe logs in the fuzzed application
  • 40. What to implement - AJP13 as Web Server
    • Generate a fuzzing template with Rand generators with AJP13ForwardRequests
    • Fuzz the ajp13 service on Tomcat on the VM
      - /opt/apache-tomcat-.../
      - bin/catalina.sh start
    • Observe logs
      - logs/
  • 41. Video
  • 42. What to implement - AJP13 as Servlet Container
    • Check the test_as_server.py example, and customize it
      - Launch it; it will listen on 8009/tcp and reply to web server requests in the AJP protocol
    • Launch Apache httpd
      - Configure httpd with the lines from the config in the sources directory
    • Configure modules and insert a ProxyPass directive for ajp13
      - bin/httpd -X
    • Start making requests to the Apache AJP endpoint
      - while [[ 1 ]] ; do curl localhost/ajp; done
    • Observe logs
  • 43. Video
  • 45. LoRaWAN
    • LoRaWAN is a protocol on top of LoRa modulation
    • Used in IoT
    • Used in star topology
    • Essential components
      - Application server
      - Gateway
      - Node
  • 46. LoRaWAN - Our setup
    • End Nodes use LoRa modulation to talk to the Gateway
    • The Gateway uses port 1700/udp to talk to the application server
      - Semtech protocol
    • The LoRaWAN protocol is used for End Nodes to talk to the Application Server
  • 47. LoRaWAN - Our setup
    • LoRaWAN payloads are encrypted with AES
    • End Nodes can join the network with:
      - ABP (pre-shared keys)
      - OTAA (keys are exchanged in JoinRequests)
    • The communication between the Node and the Application server is encrypted. The Node talks to the Gateway through LoRa and the Gateway uses the Internet to reach the application server.
    • The Gateway talks to the Application server using messages with gateway and reception information and the received message from the node. In our case it's the SemtechUDP protocol and LoRaWAN 1.0.1.
  • 48. LoRaWAN - Our setup - Protocol
    • LoRaWAN Class-A, Version 1.0.1
    • https://lora-alliance.org/resource-hub/lorawanr-specification-v101
  • 53. SemtechUDP
    • UDP based communication on port 1700
    • Based on a binary header and JSON payloads
      - we'll be interested in the data of the JSON payload where the LoRaWAN protocol is being exchanged
    • https://github.com/Lora-net/packet_forwarder/blob/master/PROTOCOL.TXT
  • 54. In practice
    • Use the VM and:
      - Unpack the IQ samples zip to /tmp
      - Build and install gr-lora
      - Launch scapy-radio and use the LoRa radio module
      - gnuradio.sniffradio(radio="LoRa")
      - Dissect sniffed packets
  • 55. Video