Tripwire Security Researchers to Discuss Microsoft Open Protocol Specification at Hacker Halted 2014 Conference

PORTLAND, Ore. — October 9, 2014 Tripwire, Inc., a leading provider of advanced threat, security and compliance solutions, today announced that Lane Thames and Andrew Swoboda, security researchers for the company’s Vulnerability and Exposure Research Team (VERT), will be presenting at Hacker Halted 2014. The conference will take place October 16-17, 2014, at the Georgia World Congress Center in Atlanta, Georgia.

Over the past year, Tripwire VERT implemented portions of the Remote Desktop Protocol (RDP) and heavily utilized Microsoft’s Open Specifications Program to help with the process. During the implementation, Tripwire discovered and reported a new vulnerability to Microsoft, and it was patched in June 2014. In this presentation, Thames and Swoboda will discuss how Tripwire expanded their protocol implementation to act as a fuzzer for discovering additional RDP vulnerabilities. 

Session attendees will learn:

  • What strategies are necessary to confirm that an SSL-based application performs appropriate certificate validation.
  • How to recognize and examine trust manager implementations within a compiled Android application package file.
  • Tactics to minimize exposure to the IEEE 802.11 protocol design flaws that enable man-in-the-middle attacks.

Session Title: RDP Fuzzing and Why the Microsoft Open Protocol Specification is Awesome!

Who:  Lane Thames and Andrew Swoboda, security researchers, Tripwire

When: Friday, October 17, 2014, 2:00 p.m. EST

Tripwire's Vulnerability and Exposures Research Team (VERT) is comprised of world-renowned security engineers and researchers who scour the globe looking for the latest public and private vulnerabilities. When threats are discovered, VERT writes detailed detection algorithms based on proprietary OS, application and threat fingerprinting techniques for inclusion in Tripwire's commercial vulnerability management products.

For more information, please visit:
http://www.tripwire.com/vert/.

 

About Tripwire

Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.