This is the video from my presentation at BlackHatEU 2012 back in May, which shows some typical examples of exploits I had found in the period from October 2011 to March 2012 (all of the issues in the demo videos have now been addressed).
(this video is around 40 minutes, and may take a minute or so to start depending on your connection)
If you are interested in the technical side, the white-paper that went with this presentation can be found here:
http://www.nccgroup.com/en/learning-research-centre/security-testing-audit-compliance-resources/white-papers/
Since then I have continued my research project, and to date have found around 80 exploits (most of which are in Security Gateways, though I have also started to look at some other types of appliances as well). Fixes and updates have been released for at least 25 of these exploits so far, though the majority are still in the respective vendor's patch-cycle (this means that these products are improving, which is a positive outcome).
Some vendors are very reactive; a few vendors (especially Symantec and Barracuda) don't seem to be able to turn around fixes within a reasonable timeframe (Symantec still have not addressed serious issues I raised with them back in January 2012 - despite me chasing them). The good news is that many vendors address issues within a couple of months or so, and some within a few days - which is excellent!
As the briefest of summaries: this research is continuing to uncover more and more similar issues, showing alarming trends in the insecurities of security-product Web UIs. For example:
Almost all Security Gateway products had
- Unauthenticated information disclosure
- XSS with session-hijacking
- CSRF of admin functions
- Command-injection
- Privilege escalation
Several had
- Direct authentication-bypass
- Stored out-of-band XSS and OSRF
A few had
- Gateway Denial-of-Service
There were also a wide variety of more obscure issues.
Basically speaking, almost all of the Security Gateways I looked at could be compromised by an attacker, and used as an entry point to break into corporate networks.
More recently, and of particular interest, I have been looking at ways of exploiting these systems via insecure backup/restore functions, using request forgery to perform arbitrary file-upload. I feel this is an interesting attack-vector because it usually results in a "root shell" - maybe I will do a post on that at some point to explain how the attack works.
Anyway, there are plenty more similar products out there, so I will continue looking. If you have any suggestions of products you think I should look at (especially security appliances) let me know.
Great creativity and the post clarity is awesome! I hope you will continue to have such articles to share with everyone!