This talk will demonstrate how attackers can compromise a company’s network via its firewall system. It’s a common misconception that security tools are always secure. The aim of this talk is to show the audience the difference between a secure product and a security product. First, we discuss how we can remotely detect and identify the firewall system within the target’s internal network. After that, we start a brute-force attack from the internet via the victim’s browser against the internal firewall. We will show how an attacker can bypass the different CSRF protections in use to trigger actions on the firewall system. Finally, we are going to exploit a memory corruption bug (a type confusion bug which leads to a use-after-free vulnerability) in the PHP binary on the firewall to spawn a reverse root shell.
Recorded Nov 25 2016, 30 mins
DSS ITSEC is an annual international cyber-security, data protection, privacy tech and business conference and expo, the largest in the Baltic States, held since 2010. The event annually brings together top ICT security professionals from the industry’s leading technology vendors, international organisations and agencies, and local and regional businesses, as well as representatives of government and the public sector.