Having X-Ray Eyes In Cybersecurity: Debugging with OpenSSL and ASN.1


The first thing we tell our students in the lab is to try and avoid using GUIs for their commands. While a GUI is unavoidable in the analysis of network packets, most of our tools are command-line based.

So one of the best skills that electronic and software engineers can have is the ability to debug and find faults, and it’s the same for cybersecurity analysts. In cybersecurity, the data under investigation is often data at rest (on the disk), data over-the-air (on the network), or data in-process (in memory).

Often it is like finding a needle in a haystack, and the ability to move up and down levels of abstraction is key, especially to break data down into its smallest elements … the bits and bytes. A good deal of the analysis, too, lies in understanding how the data is structured and which bits and bytes show what information.

X-Ray eyes

Cybersecurity is often about an alert trigger, followed by an analysis of whether the alert is a threat or not. If it is a threat, the work can then involve digging deep into the data around the event. For this, you need X-ray eyes, and you will often need to call on Python, xxd, Wireshark, and so on. These tools allow for deep inspection. One such tool is OpenSSL, and wherever there’s encrypted data around, it’s likely that OpenSSL can be used to…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.