Analysis to Remote Root 0day in a SSL-VPN Appliance
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Delve into a comprehensive analysis of remote root vulnerabilities in SSL-VPN appliances through this Hack In The Box Security Conference presentation. Explore the internals of the F5 FirePass SSL-VPN Appliance, uncovering hidden vulnerabilities despite existing security protections. Follow the journey from reverse engineering to binary planting, decrypting file systems, and examining the environment. Discover how web vulnerabilities, format string vulnerabilities, and persistence lead to overcoming multiple limitations and protections, ultimately gaining a remote unauthenticated root shell. Learn about the responsible disclosure process and the exemplary vendor response from F5. Gain insights into the misconceptions surrounding "security appliances" and the potential impact on Fortune 500 companies. Benefit from the expertise of Israeli security researcher Tal Zeltzer as he shares his findings, research methods, and tools developed during this in-depth investigation.
Syllabus
Introduction
Tals Bio
Research
Disadvantages
Vulnerability
Attack Surface
Analysis
Virtual Machines
Boot Partition
Busy Box Shell
Decrypt Command
Debug Shell
Linux
Slackware
Character Distribution
PHP Encryption
XDebug
MySQL Log
Setup
Tunnel Handler
Tunnel Error
SQL Injection Vulnerability
SQL Log
Propagation
Stack trace
Block comments
Failed
Stack Overflow
Field Terminator
Vulnerability Disclosure Process
Demo
Thanking the EFF
Thanking others
Questions
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLEHack In The Box Security Conference via YouTube Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube