Attacking Nextgen Firewalls

Explore advanced techniques for attacking next-generation firewalls in this 57-minute conference talk. Dive deep into the architecture and vulnerabilities of Palo Alto Networks firewalls, covering topics such as administrative interfaces, command-line operations, and Linux-based systems. Learn about embedded software stacks, management interfaces, REST APIs, and user identification methods. Witness demonstrations of Global Protect VPN exploitation, web server crashes, and code execution techniques. Gain insights into MIPS architecture, route shell access, and root shell acquisition. Conclude with valuable recommendations for improving firewall security and participate in a Q&A session to further enhance your understanding of next-gen firewall vulnerabilities and attack vectors.

Intro
Introduction
Palo Alto
Features
Agenda
Administrative Interface
Common Line Interface
Linux Architecture
Embedded Software Stack
Management Interface
REST API
User ID
Captive Portal
Client probing
Demo
Global Protect
Global Protect VPN
Web Server Crash
Dead Check
Field Filter Check User
Code Execution
Username
PHP context
PHP body write
MIPS
Route Shell
Root Shell
Recommendations
Questions