Description
Attacks on edge devices are on the rise. Because they are deliberately exposed to the internet, they give attackers an easily identifiable network entry point. Edge devices encompass a wide variety of solutions such as virtual private network (VPN) servers, firewalls, load balancers, routers, mail systems and so on, and therefore they represent one of the most attractive targets for criminals and nation-state entities seeking to establish initial access inside victim networks. Furthermore, bug bounty programs are increasingly looking for these types of vulnerabilities.
Whether you want to create a working proof of concept with only a few public technical details as a starting point, reproduce a 1-day exploit through patch diffing or discover new 0day vulnerabilities on your own, this class aims to teach and show students the approaches, techniques and tools to do so. No bullsh*t XSS or missing secure cookie attribute vulnerabilities here. Anything less than critical impact/RCE is banned from this course. What is really scary is that students don't need to be l33t hackers to discover and exploit vulnerabilities with the potential of having devastating impacts in the edge device world.
If your answer to some of the following questions is yes, then this course is for you:
Have you stumbled upon a technical blog post that describes an edge device vulnerability but does not provide all the details necessary to create a weaponized PoC? Students will be shown how to overcome the untold obstacles and create a working PoC.
Do you suspect a vendor did not tell the whole truth when it released a security advisory and played down the real impact of a vulnerability? Students will see how often vendors' claims can be subverted, for example by turning a client-side issue into a server-side flaw or a post-auth bug into a pre-auth vulnerability.
Are you concerned that a vendor did not follow the good rule of thumb that, once a vulnerability becomes public, all the issues following the same pattern should be fixed? Students will learn how common it is in the edge device world to discover bypasses of a previously fixed vulnerability, getting additional CVEs for fun and profit.
Interested in creating a weaponized PoC for a vulnerability but have no access to a patched firmware image? This course explains how to create a working RCE exploit just by following the small breadcrumbs left in security advisories, starting from a vulnerable firmware image and without performing patch diffing.