Cisco ASA Episode 2 - Striking Back - Internals and Mitigations

Delve into the intricacies of Cisco ASA firewalls in this 51-minute conference talk from 44CON 2017. Explore previously unpublished details of ASA internals, reverse engineering techniques, and custom-developed tools for exploit production. Learn about the generalization of exploits to cover over 100 ASA versions and achieve 100% reliability. Gain insights into firmware analysis, filesystem access, branch understanding, and the challenges of debugging the "lina" process. Discover the architecture of asadbg and its automation capabilities, along with a statistics script for vulnerability assessment. Examine secure boot considerations and engage in a Q&A session to further expand your knowledge of Cisco ASA security.

Intro
Cisco ASA devices
Cisco ASA 5505
Emulating ASA
Previous work
Presentation's goals
Getting firmware
Accessing the filesystem
Understanding branches
Still patched?
Reversing "lina"
Painful debugging (video)
Debugging FTW
"Pleasant" debugging
Analyzing heap internals
asadbg architecture
asadbg automation (video)
Statistics script
Secure boot?
Conclusion
Questions?