Knowing the Unknown: Using PCAP to Break Down Application-Layer Protocols

BSidesLV 2019

Presented by: David Pearson
Date: Tuesday August 06, 2019
Time: 08:00 - 11:55
Location: Training Ground

As networks become increasingly complex, the ability to break an unknown protocol down and understand its base components and how they interact is a critical element of network security.

Protocol reverse engineering allows security analysts to understand not just how the protocol works, but the ways it can leave your enterprise vulnerable. This is especially true at the application level, where insecure or poorly managed applications can leak sensitive data.

In this workshop, attendees will learn how to reverse engineer real application-layer protocols via a deep technical dive into the network traffic of a common remote access application. The workshop will culminate with an example of identifying connections between attacker traffic in the real world.

David Pearson

Having used Wireshark ever since it was Ethereal, David has been analyzing network traffic for well over a decade. He has spent the majority of his professional career understanding how networks and applications work, currently as Principal Threat Researcher for Awake Security, which enables rapid, iterative, conclusive investigations & threat hunting by placing context at security teams’ fingertips. David holds computer security degrees from the Rochester Institute of Technology (BS) and Carnegie Mellon University (MS).


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats