A Pre-Auth RCE on Leading SSL VPNs
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore a critical security vulnerability in leading SSL VPNs through this 57-minute conference talk from the Hack In The Box Security Conference. Discover how pre-authentication remote code execution (RCE) vulnerabilities affect nearly half of Fortune 500 companies and numerous government organizations. Learn about the discovery of a "magic" backdoor allowing unauthorized password changes, and witness demonstrations of gaining root shell access, weaponizing servers against their owners, and exploiting hidden features to compromise VPN clients. Delve into advanced web and binary exploitation techniques, including Apache jemalloc exploitation and web architecture vulnerabilities. Gain insights into post-exploitation strategies, attack vectors against SSL VPNs, and general hardening actions to mitigate potential zero-day threats. Understand the far-reaching implications of these vulnerabilities and the importance of viewing SSL VPNs not just as Virtual Private Networks, but as potential "Vulnerable Points of your Network."
Syllabus
#HITBGSEC D1: A Pre-Auth RCE On Leading SSL VPNs - Orange Tsai and Tingyi Chang
Taught by
Hack In The Box Security Conference
Related Courses
OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)Cybrary From Software Engineer to Security Researcher - Suz Hinton's Career Journey
freeCodeCamp Assembly Language Adventures (1): Counting with two digits
Udemy Assembly Language Adventures: Complete Course
Udemy Reticle Dropping - An Intelligent F-BOMB
YouTube