Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

When Your Firewall Goes Nuts

Birk Kauer

1 vote(s)

"Next-Generation" firewalls provide functionality well beyond the traditional filtering capabilities. They offer deep protocol inspection, application identification, user based filtering, VPN functionality and more.

While this significantly increases the attack surface of these devices, little public research is available. In this talk we will present an in-depth analysis of one of the leading NGFW solutions. Besides describing the overall system architecture, we will discuss and demonstrate critical vulnerabilities in different components that result in a remote compromise of the appliance.

All vulnerabilities are currently under responsible disclosure, hence we cannot provide further details. The vulnerabilities will be demonstrated live during the talk. If there is no patch available by the time of the talk, we will not show the exploit code.

About Birk Kauer

Birk is a security researcher at ERNW Research in Heidelberg, Germany and enjoys exploitation the most, especially in very tricky and complex environments. He often attends CTFs (Capture the Flags) to challenge himself with tricky exploits while keeping up with daily consulting and assessment work. He currently holds OSCP, OSCE and OSEE certificates from offsec (Offensive-Security).