Every day, security professionals do battle the trenches; good vs. evil, whitehats vs. blackhats, our network vs their l337 tools. And what do we do to unwind after work? For many of us, it's doing battle in the trenches with terrorists, Nazi's, and that pesky Blue team that keeps stealing our intelligence.
Video games are a multi-billion dollar industry that rivals the movie industry in size. And recently, many games have taken a decidedly online tone. People from all over the world meet up on servers every day to meet, frag, and respawn into the wee hours of the morning. But what about the security of these servers? How secure are they, and how does the underlying integrity of these servers effect you and your ability to blow up other players?
From hardware interaction to network protocols, this talk will present the inner workings of the Source Dedicated Server (used for games such as Left4Dead and Team Fortress 2). This talk will discuss some of the weaknesses in these game engines and ways they are exploited in the wild. A tool designed to dissect and analyze client/server communications will be released during the talk. We'll also provide some pragmatic advice for deploying game servers and release a white paper describing a secure configuration guidelines for the Source Dedicated Server.