A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Pentesting Layers 2 and 3 - Kevin Gennuso and Eric Mikulas Bsides Cleveland 2014 (Hacking Illustrated Series InfoSec Tutorial Videos)

Pentesting Layers 2 and 3
Kevin Gennuso and Eric Mikulas



Lower level network protocols have been around for decades and haven't changed much in that time. A number of tools to exploit weaknesses in those protocols have been released over the years, and those haven't changed much either. What has changed is the hardware. Routers used to be bulky, expensive, and proprietary. Now they are small, cheap, and open source. What better way is there to attack network gear than with another piece of network gear?

This presentation will focus on layer 2 and layer 3 protocols, their weaknesses, and how to protect against exploitation. We'll revisit tools such as hping, Nemesis, Yersinia, and Loki and show how they can be used to attack vulnerable networks. Finally, we'll demonstrate our ports of these tools for use on routers that run OpenWRT.

Kevin is a security testing manager and part time packet herder. He has over 17 years of experience in information security and network architecture, and has done work for a number of organizations ranging from dot-com era startups to large financial institutions.

Eric is a software developer and pre-"maker" maker. He has been writing code and wielding a soldering iron since second grade. He has over 10 years of experience as a developer and has worked for a variety of companies both as a full-time employee and independent contractor.


Back to Bsides Cleveland 2014 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast