All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore a critical vulnerability in industrial remote access solutions utilizing OpenVPN in this Hack in Paris conference talk. Delve into the intricacies of Work From Home setups in industrial environments, focusing on Programmable Logic Controllers and remote access solutions. Examine OpenVPN's inner workings and traffic patterns to uncover a significant security flaw that can lead to remote code execution on VPN clients. Learn about loose backend parsers, Same-Origin Policy (SOP), and Cross-Origin Resource Sharing (CORS) implications. Investigate the PerFact OpenVPN backend and architecture, and follow a step-by-step guide to prepare an exploit. Gain insights into HMS Networks, Structured Exception Handling (SEH), and the mbDIALUP launcher as part of this comprehensive analysis of industrial VPN security vulnerabilities.
Syllabus
Intro
Agenda
Work From Home: The Industrial Version
Programmable Logic Controller
Remote Access Solution
Under the Hood: OpenVPN
OpenVPN Traffic
So What's the Problem?
Example to a Very Loose Backend Parser
But What About SOP and CORS?
Recap
OK. We Can Start VPN Tunnel, SO WHAT?
But the Config File Must Be Present on the Machine!
PerFact OpenVPN - Backend
Perfact OpenVPN - Architecture
Prepare Our Exploit - Step 1
HMS Networks
SEH 101
mbDIALUP launcher
Taught by
Hack in Paris
Related Courses
Learning VPNLinkedIn Learning Security: Manage Network Security With pfSense Firewall
Udemy Linux System Security
A Cloud Guru Methods to Setup and Use a VPN
Chris Titus Tech via YouTube What Reaction to Packet Loss Reveals About VPN
BSidesLV via YouTube