DHCP Is Hard
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Dive into the complexities of DHCP security in this 48-minute conference talk from Hack In The Box Security Conference. Explore critical vulnerabilities in popular DHCP implementations, including dnsmasq (CVE-2017-14493) and ISC DHCP (CVE-2018-5733). Examine the architecture of ISC DHCP and systemd networkd, uncovering potential security flaws. Learn about refcount overflow, infoleak vulnerabilities, and heap overflow techniques leading to arbitrary write. Discover how to exploit these vulnerabilities through client-server interactions and tcache poisoning. Gain insights into the challenges of DHCP security and understand the implications for network infrastructure.
Syllabus
Intro
dnsmasq - CVE-2017-14493
ISC DHCP - CVE-2018-5733
Refcount Overflow
ISC DHCP - Architecture
ISC DHCP - Real Architecture
Systemd networkd (CVE-2018-15688)
Infoleak - client_parse_message
Triggering the Infoleak: server - client
Triggering the Infoleak: client - server
Leaking a glibc pointer
Heap Overflow to Arbitrary Write
tcache Poisoning
Putting it all together
Conclusion
Taught by
Hack In The Box Security Conference
Related Courses
CNIT 127: Exploit Development (CNIT - City College of San Francisco via Independent)
Information Security - 5 - Secure Systems Engineering (Indian Institute of Technology Madras via Swayam)
Reverse Engineering Linux 32-bit Applications (PentesterAcademy)
WebKit Everywhere - Secure or Not? (Black Hat via YouTube)
The Info Leak Era on Software Exploitation (Black Hat via YouTube)