Vulnerability Research and Exploitation on Edge Devices


Attacks on edge devices are on the rise. Because they are deliberately exposed to the internet, they give attackers an easily identifiable network entry point. Edge devices cover a wide variety of solutions, such as virtual private network (VPN) servers, firewalls, load balancers, routers, mail systems and so on, and therefore represent one of the most attractive targets for criminals and nation-state actors seeking initial access inside victim networks. Furthermore, bug bounty programs are increasingly looking for these types of vulnerabilities.
Whether you want to create a working proof of concept with only a few public technical details as a starting point, reproduce a 1-day exploit through patch diffing or discover new 0-day vulnerabilities on your own, this class aims to teach and show students the approaches, techniques and tools to do so. No bullsh*t XSS or missing secure cookie attribute vulnerabilities here: anything less than critical impact/RCE is banned from this course. What is really scary is that students do not need to be l33t hackers to discover and exploit vulnerabilities with the potential for devastating impact in the edge device world.

If your answer to any of the following questions is yes, then this course is for you:
Stumbled upon a technical blog post that describes an edge device vulnerability but does not provide all the details necessary to create a weaponized PoC? Students will be shown how to overcome all the untold obstacles and create a working PoC.

Do you suspect a vendor did not tell the whole truth when it released a security advisory and tended to minimize the real impact of a vulnerability? Students will see how often vendors' claims can be subverted, for example by turning a client-side issue into a server-side flaw or a post-auth bug into a pre-auth vulnerability.

Concerned that a vendor did not follow the good rule of thumb that, once a vulnerability becomes public, all issues following the same pattern should be fixed? Students will learn how common it is in the edge device world to discover bypasses of a previously fixed vulnerability, getting additional CVEs for fun and profit.

Interested in creating a weaponized PoC for a vulnerability but have no access to a patched firmware image? This course explains how to create a working RCE exploit just by following the little crumbs left in security advisories, starting from a vulnerable firmware image and without performing patch diffing.

Description

Generic Outline:

I do not have an hour-by-hour plan as of yet. This is the generic outline:

Day 1

  • Introduction:
    • why do edge devices keep getting hacked
    • strategies to get the firmware / VM images
    • acquiring stable local root shell access
    • attack surface mapping: plan of action
  • The Sophos Firewall case (CVE-2022-3236)
  • Citrix NetScaler ADC and Gateway case (CVE-2023-6548)

Day 2

  • The Palo Alto PAN-OS case (CVE-2024-3400)
  • The Juniper Junos OS case (CVE-2024-39565)

Day 3

  • The Ivanti CSA case (CVE-2024-8190, CVE-2024-8963, CVE-2024-9379, CVE-2024-9380, CVE-2024-11639, CVE-2024-11772, CVE-2024-11773)

Notes for the staff: All presented cases and scenarios include environment preparation, establishment of initial context, root-cause analysis and exploitation. The exploited CVEs could change by the beginning of the course and be replaced with more recent cases. A prerequisite for the CVEs included in the course is that, for almost none of them, a public PoC is currently available. The course therefore gives access to hitherto non-public n-day exploits.

* Technical difficulty of the class:

Intermediate. Students should have basic web application hacking knowledge, basic reverse engineering skills with Ghidra and familiarity with Python.

* Items students will need to provide. What tools, systems, or equipment is required for the student to take the training?

Students should have access to a computer with 8 GB of RAM (minimum) and at least 40 GB of free disk space.
Students should install a disassembler of their choice (e.g., IDA or Ghidra), the Burp Suite Community Edition web proxy, and virtualization software such as VirtualBox or VMware.

This course is one of a kind. Out there you can find courses teaching how to hack a mobile device, a hardware device or an IoT device, but no course specific to edge devices is currently available. Other valuable points students will learn are:

  • Creating weaponized 1-day exploits via patch diffing
  • Exploiting edge device vulnerabilities without patch diffing
  • Weaponizing patched edge device vulnerabilities even in the absence of technical details or a PoC
  • Fundamentals of reverse engineering edge device virtual images
  • Bypassing vendor patches
  • Properly re-assessing the criticality of edge device vulnerabilities
  • How to approach, and what to prioritize during, the edge device vulnerability research process

Lunch, coffee breaks and a ticket for admission to HackInBo® Classic Edition on June 7, 2025 are included!

Instructor: Marco Ortisi
Edition: Spring 2025
Dates: 4 to 6 June 2025
Seats: 15 (available)
Place: Bologna - TBD!
Time: 9 a.m. to 6 p.m.
Price per person: 3,500.00 + VAT

3,200.00 + VAT until 1 May 2025

Code: Ortisi_giugno_25
