Network security testing can be done at different levels of fidelity, from simply scanning a network to identify open ports and the services and service versions behind them, to uncovering novel vulnerabilities in proprietary or undocumented services. The granularity of such an analysis depends not only on time and cost, but also on the availability of client software that can be used to interact with the different services. Complexity increases when the underlying protocol is undocumented or nontrivial: in this case, testers must first understand the protocol and then develop software that can interact with it beyond the common handshake or initial connection behavior in order to uncover vulnerabilities. In this paper, we present an architecture that marries protocol reverse engineering and network fuzzing through a graphical interface. We have developed a proof of concept (PoC) that is capable of intercepting packets between source and destination nodes, allowing analysts to use the interface to observe, modify, drop, and/or forward the traffic during security tests, either interactively or pseudo-interactively (using hooks). We designed our experimentation methodology with two perspectives in mind: blue-teaming (cooperative, grey/white box) and red-teaming (non-cooperative, black box). We report the performance of our PoC with the Transport Control Protocol.
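The observe/modify/drop/forward pipeline the abstract describes, as an added example that is not the paper's PoC and makes no claim about its interface or hook API: a minimal TCP interception proxy in Python in which every received chunk is logged (observe) and then passed through an ordered list of hooks, each of which may rewrite the bytes (modify) or return `None` (drop) before the result is sent on (forward). The echo server standing in for the destination node, the two hooks, and the client messages are all constructed for the demonstration; `InterceptingProxy`, `start_echo_server`, `read_line` and `run_demo` are names chosen here, not the project's.

```python
import socket
import threading
from typing import Callable, Dict, List, Optional, Tuple

# A hook sees the direction ("c2s" or "s2c") and one received chunk, and returns
# the bytes to forward, or None to drop the chunk. Hooks run in list order.
Hook = Callable[[str, bytes], Optional[bytes]]


class InterceptingProxy:
    """Sits between a client and a target, observing and rewriting each TCP chunk."""

    def __init__(self, target: Tuple[str, int], hooks: Optional[List[Hook]] = None):
        self.target = target
        self.hooks: List[Hook] = list(hooks or [])
        self.observed: List[Tuple[str, bytes]] = []  # every chunk, before any hook runs
        self._lock = threading.Lock()
        self._listener: Optional[socket.socket] = None

    def apply_hooks(self, direction: str, payload: bytes) -> Optional[bytes]:
        with self._lock:
            self.observed.append((direction, payload))  # observe
        for hook in self.hooks:
            payload = hook(direction, payload)          # modify ...
            if payload is None:
                return None                             # ... or drop
        return payload                                  # forward

    def _pump(self, src, dst, direction):
        try:
            while True:
                chunk = src.recv(4096)
                if not chunk:
                    break
                out = self.apply_hooks(direction, chunk)
                if out is not None:
                    dst.sendall(out)
        except OSError:
            pass
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)  # pass the half-close on to the other side
            except OSError:
                pass

    def _handle(self, client):
        upstream = socket.create_connection(self.target)
        back = threading.Thread(target=self._pump, args=(upstream, client, "s2c"), daemon=True)
        back.start()
        self._pump(client, upstream, "c2s")
        back.join()
        client.close()
        upstream.close()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self._listener.accept()
            except OSError:
                return  # listener closed by stop()
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def start(self) -> Tuple[str, int]:
        self._listener = socket.socket()
        self._listener.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
        self._listener.listen()
        threading.Thread(target=self._accept_loop, daemon=True).start()
        return self._listener.getsockname()

    def stop(self):
        if self._listener:
            self._listener.close()


def start_echo_server() -> Tuple[str, int]:
    """Constructed stand-in for the destination node: echoes whatever it receives."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        conn, _ = srv.accept()
        with conn:
            while chunk := conn.recv(4096):
                conn.sendall(chunk)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def read_line(sock: socket.socket, timeout: float = 0.5) -> Optional[bytes]:
    """Read up to a newline; None means nothing arrived (e.g. the chunk was dropped)."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\n"):
            part = sock.recv(4096)
            if not part:
                return buf or None
            buf += part
    except socket.timeout:
        return buf or None
    return buf


def run_demo() -> Dict[str, object]:
    """Drive one client session through the proxy with two constructed hooks."""
    upper = lambda d, p: p.upper() if d == "c2s" else p             # modify client->server
    drop = lambda d, p: None if d == "c2s" and b"DROP" in p else p  # drop, after the rewrite
    proxy = InterceptingProxy(start_echo_server(), hooks=[upper, drop])
    addr = proxy.start()
    replies = []
    with socket.create_connection(addr) as c:
        for msg in (b"hello\n", b"please drop this\n", b"bye\n"):
            c.sendall(msg)
            replies.append(read_line(c))
    proxy.stop()
    return {"replies": replies, "observed": list(proxy.observed)}
```

Hook order matters: the uppercase hook runs first, so the drop hook matches `DROP` in the rewritten chunk even though the client sent lowercase text. The `observed` log keeps the original bytes, which is what an analyst wants to see when deciding whether a rewrite or a drop produced a change in the server's behaviour. A real PoC would add the interface layer on top of `apply_hooks` (pausing a chunk for interactive editing instead of calling a function) and would need framing logic for protocols whose messages do not align with TCP segment boundaries.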