A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Ubiquitous Shells - Jon Gorenflo Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Ubiquitous Shells
Jon Gorenflo
Derbycon 2018

Ubiquiti network gear has become a favorite among tech enthusiasts. Unfortunately, various Ubiquiti products have had some serious vulnerabilities in recent history, and like most products, there are deployment decisions that can dramatically reduce the security of the network. There are even features that can provide shell access to the network from the internet. Listen in as we discuss how to go from zero access from the Internet to a root shell via Ubiquiti gear. We'll also explore methods to weaponize the Unifi APs and Unifi Cloud Key devices to for use as attack platforms.

Jon is the Founder and Principle Consultant of Fundamental Security, a small consulting firm focused on penetration testing, incident response, and strategic security consulting. He started working with technology in High School as a student of the Cisco Networking Academy, and has focused on Information Security since 2006. He has performed security engineering, security architecture, incident response, and penetration testing in the government, retail, insurance, and financial sectors. He has managed a team of Penetration Testers at a Fortune 500 financial institution, and served as a Security Architect and Penetration Tester for an international Fortune 500 retailer. Jon also travels the country as an instructor for the SANS Institute. Currently, he teaches two of SANS’s seminal courses, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC560: Network Penetration Testing and Ethical Hacking. He is proud to have served in the Army Reserve for 11 years, where he became a Warrant Officer and served one tour in Afghanistan. He currently maintains the GCIH, GPEN, GAWN, GMOB, CISSP, and Security+ certifications.


Back to Derbycon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast