June 4, 2006
"By modeling all of the possible inputs of a protocol or file format as an input tree, the potential weak points of an implementation can be assessed easily and efficiently. Existing attacks can be reused for similar structures and datatypes, and any complex or susceptible areas can be focused on to improve the probability for success. This method is applicable not only for creating new attacks, but also for proactive defense and even protocol design. Some knowledge of network protocols is expected, as are also the basics of security testing and anomaly design. The talk will apply the presented techniques by presenting an input tree for DNS and cataloguing the potential attacks and problem areas."