| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Network Management Systems (NMSs) are widely deployed in medium and large organizations to map and control network and host infrastructure, and provide an excellent attack surface. NMSs are information rich for an attacker, saving reconnaissance time and providing a pivot point to hide their network activity in the background noise. The talk explores many NMS attack vectors, including persistent cross-site scripting (XSS), format string vulnerabilities, command injection, SQL injection and forced browsing to take control of the NMS and authenticated user?s host. Using live demonstrations we explore attack delivery, execution and factors that control the success of each attack. In conclusion, we discuss overall risk factors and mitigation techniques for providing protection against these attacks. Deral Heiland:
Deral Heiland CISSP, serves as a Research Lead for Rapid7 Global Service. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 8+ years Deral?s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral is the creator of the open source tool ?Praeda? used for harvesting data from embedded devices. Deral also conducted security research on a numerous technical subject, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, Hackcon Norway, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including Bloomberg UTV, MIT Technical Review, MSNBC, SC Magazine, Threat Post and The Register.
Matthew Kienow:
Matthew Kienow is a software engineer and an independent security researcher. Matthew has presented at various security conferences including Hack In Paris, DerbyCon and CarolinaCon. Matthew has designed, built, and successfully deployed secure software solutions, however, often enjoys breaking them instead. Matthew?s research has been cited by CSO, Threatpost and SC Magazine.
Deral - @Percent_x, Matthew - @HacksForProfit
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast