I KNOW YOUR FILTERING POLICY BETTER THAN YOU DO: EXTERNAL ENUMERATION AND EXPLOITATION OF EMAIL AND WEB SECURITY SOLUTIONS

Black Hat USA 2014

Presented by: Ben Williams
Date: Thursday August 07, 2014
Time: 09:00 - 10:00
Location: South Seas IJ

Email and web filtering products and services are core components for protecting company employees from malware, phishing and client-side attacks.

However, it can be trivial for an attacker to bypass these security controls if they know exactly what products and services are in use, how they are configured, and have a clear picture of the solutions' weaknesses in advance of an attack.

The Speaker has previously demonstrated that email and web filtering security appliances often have vulnerabilities which can be exploited to enable an attacker to gain control of these systems (and the data they process). More recently, he has been researching what information an external attacker can discover about the filtering solutions that a target organization has, and how to bypass controls to deliver effective client-side attacks to target employees, without detection.

In this presentation, the Speaker will demonstrate new tools and techniques for the automated enumeration of email and web filtering services, products and policies, and will show how flaws can be discovered and exploited.

This presentation will include statistical analysis of the filtering products, services and policies used by some of the world's top companies. He will show examples of easy-to-create client-side attacks which evade most filtering solutions, and work on fully patched systems to give attackers remote control.

These tools and techniques are very useful from a defensive perspective, to quickly enable the identification of filtering weaknesses and misconfiguration, or to assess the capabilities of filtering products and services.

Ben Williams

Ben Williams is a Senior Security Consultant for NCC Group in the UK where his time is split between penetration testing and research. He has escalated vulnerabilities in software products and appliances to a wide range of vendors, including exploitable flaws in security products from various well-known companies including: Websense, Citrix, Cisco, McAfee, Symantec, Sophos, Trend Micro, Barracuda Networks among others. Ben has presented his research previously at several major security conferences (especially on the subject of "Hacking Security Appliances").


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats