I KNOW YOUR FILTERING POLICY BETTER THAN YOU DO: EXTERNAL ENUMERATION AND EXPLOITATION OF EMAIL AND WEB SECURITY SOLUTIONS

Email and web filtering products and services are core components for protecting company employees from malware, phishing and client-side attacks.

However, it can be trivial for an attacker to bypass these security controls if they know exactly what products and services are in use, how they are configured, and have a clear picture of the solutions' weaknesses in advance of an attack.

The Speaker has previously demonstrated that email and web filtering security appliances often have vulnerabilities which can be exploited to enable an attacker to gain control of these systems (and the data they process). More recently, he has been researching what information an external attacker can discover about the filtering solutions that a target organization has, and how to bypass controls to deliver effective client-side attacks to target employees, without detection.

In this presentation, the Speaker will demonstrate new tools and techniques for the automated enumeration of email and web filtering services, products and policies, and will show how flaws can be discovered and exploited.

This presentation will include statistical analysis of the filtering products, services and policies used by some of the world's top companies. He will show examples of easy-to-create client-side attacks which evade most filtering solutions, and work on fully patched systems to give attackers remote control.

These tools and techniques are also valuable from a defensive perspective: they allow rapid identification of filtering weaknesses and misconfigurations, and assessment of the capabilities of filtering products and services.
