DEF CON 27: How to Take Over Internal IPs, Externally

Presented by

Elliott Thompson, Principal Cybersecurity Consultant

About this talk

As seen at DEF CON 2019, SureCloud's Principal Cyber Consultant continues his DEF CON presentation "[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1".

Your browser thinks our 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching, Elliott demonstrates that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool, it’s possible to automate the exploitation of hundreds of interfaces at once.

This presentation will introduce the attack vector and demonstrate the MICASA-SUCASA tool. Elliott will also discuss his experience at DEF CON 2019 and the feedback regarding his tool post-release.

- Covering old ground is sometimes valuable
- Combining vulnerabilities can have a greater impact than the sum of their parts
- Some router manufacturers make truly bizarre decisions

DEF CON presentation being continued: [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1

SureCloud provides Cloud-based GRC Applications and Cybersecurity Services that help our customers achieve an integrated approach to managing their risk, compliance and information security. The SureCloud Platform is simple but powerful technology that gives our customers a single source to view and manage GRC and cybersecurity processes from anywhere in the world. Our customers benefit from automating formerly spreadsheet-driven processes, and increasingly from addressing strategic initiatives such as the EU GDPR, ISO 27001, IRAM2, NIST, PCI and others.

Check our CYBERSECURITY content here: https://www.brighttalk.com/channel/17769/
Register for our USA channel here: https://www.brighttalk.com/channel/17677/