Blackbox Service Fuzzing over Custom Network Protocols: Challenges, Solutions and Profits!
While successful against certain types of target, recent fuzzing techniques are, in our experience, not well suited to blackbox testing of binary services that consume custom network protocol input.
Testing these particular targets is challenging for three reasons: fuzzing throughput is limited, analysis of the custom network communication can be time consuming, and the complex workloads of the services make crash analysis harder.
Despite these difficulties, the effort is worthwhile: security bugs found in these targets are usually critical, because they can be triggered remotely and without authentication.
During this presentation we will share our experience in this area, taking a practical approach based on several SAP network services: from fuzzer selection and modification through test case generation to crash analysis, including the difficulties encountered along the way.
The approach described in the talk has proven effective, leading to 20 new vulnerabilities across SAP services. We believe its foundations are applicable to other targets as well.