November 05, 2014

Dissecting Wireshark - A Case Study on Network Anti-Forensics

Wireshark is, by far, the most widely used packet analysis tool, and as such is of serious interest to anyone wishing to hide network traffic from prying eyes.

Since the Defcon CTF finals necessitate doing just that, Ben and Paul scoured the Wireshark code base for bugs and, unsurprisingly, uncovered multiple vulnerabilities (CVE-2013-5720, CVE-2012-4287, CVE-2012-4288, CVE-2012-4291, CVE-2012-4289).

In the interest of making the security and forensic communities more aware of the risks of running Wireshark today (and how to mitigate them), Ben headed to both Secuinside 2014 and OSDFCon to present their research.

Check out the slides for more info!