DEF CON 27: How to Take Over Internal IPs, Externally

Presented by

Elliott Thompson, Principal Cybersecurity Consultant

About this talk

As seen at DEF CON 2019, SureCloud's Principal Cyber Consultant continues his DEF CON presentation "[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1". Your browser thinks our 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching, Elliott demonstrates that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool, it’s possible to automate the exploitation of hundreds of interfaces at once.

This presentation will introduce the attack vector and demonstrate the MICASA-SUCASA tool. Elliott will also discuss his experience at DEF CON 2019 and the feedback on his tool since its release.

- Covering old ground is sometimes valuable
- Combining vulnerabilities can have a greater impact than the sum of their parts
- Some router manufacturers make truly bizarre decisions

DEF CON presentation being continued: [ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1

SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.