Vulnerability hunting on network devices has long been an arcane, occult art-form owing to squamous hardware, strange software, and operating systems that seem to defy both logic and good software development practices. The challenges are great, but the allure of binding such strategically placed devices to your will is strong.
This talk will walk you through building an effective toolset to explore and exploit these network devices, by getting into their very essence, debugging them and using the latest in freely available tools and some very low cost hardware.
We’ll look at a variety of devices from Juniper and Cisco and how to poke around their innards before demonstrating how to work out an exploit to the now well know SNMP overflow vulnerability in Cisco ASAs works by using the tools and techniques live.
Bobby Kuzma is a CISSP, security geek, and retired IT consultant. If it processes data, he’s probably tried to make it do bad things. He teaches, mentors, and explores (and occasionally explodes) technology. Four out of five coworkers agree that's unsafe to let him get bored. When not spelunking through the infosec underworld, Bobby is a sorcerer with Core Security Technologies.