If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
On March 17th, Cisco Systems Inc. made a public announcement
that over 300 of the switches it manufactures are prone to a critical
vulnerability that allows a potential attacker to take full control of
the network equipment.
This damaging public announcement was preceded by Wikileaks'
publication of documents codenamed as "Vault 7" which contained
information on vulnerabilities and description of tools needed to access
phones, network equipment and even IOT devices.
Cisco Systems Inc. had a huge task in front of them - patching
this vast amount of different switch models is not an easy task. The
remediation for this vulnerability was available with the initial
advisory and patched versions of IOS software were announced on May 8th
I decided to reproduce the steps necessary to create a fully working tool to
get remote code execution on Cisco switches mentioned in the public announcement.
Another big vulnerability was disclosed in June 2017. This was a remote
code execution vulnerability in an SNMP service affecting multiple Cisco
routers and switches.
I will share the techniques and tools I used while researching vulnerable
Cisco switches and routers. Reverse engineering and debugging IOS under PowerPC
and MIPS architectures will be the focus of this talk.
We all heard about modern exploit mitigation techniques such as
Data Execution Prevention, Layout Randomization. But just how hardened
is the network equipment? And how hard is it to find critical
vulnerabilities in network devices?