DHCP Is Hard
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Dive into the complexities of DHCP security in this 48-minute conference talk from Hack In The Box Security Conference. Explore critical vulnerabilities in popular DHCP implementations, including dnsmasq (CVE-2017-14493) and ISC DHCP (CVE-2018-5733). Examine the architecture of ISC DHCP and systemd networkd, uncovering potential security flaws. Learn about refcount overflow, infoleak vulnerabilities, and heap overflow techniques leading to arbitrary write. Discover how to exploit these vulnerabilities through client-server interactions and tcache poisoning. Gain insights into the challenges of DHCP security and understand the implications for network infrastructure.
Syllabus
Intro
dnsmasq - CVE-2017-14493
ISC DHCP - CVE-2018-5733
Refcount Overflow
ISC DHCP - Architecture
ISC DHCP - Real Architecture
Systemd networkd (CVE-2018-15688)
Infoleak - client_parse_message
Triggering the Infoleak: server - client
Triggering the Infoleak: client - server
Leaking a glibc pointer
Heap Overflow to Arbitrary Write
tcache Poisoning
Putting it all together
Conclusion
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube
Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube