BSides London 2017 Rookie Track ‘IPv6 for Pentesters’
A presentation on assessing hosts that have both IPv4 and IPv6 networking capabilities. The talk doesn’t focus on any specific protocol vulnerabilities, but rather on the insecurities that can be introduced by a misunderstood and often ignored protocol.
Blackhat Webcast ‘Where’s your host at?’
With the ever-growing use of personal devices and the expansion of IoT devices, connectivity to the traditional network has become a bit of a blur. Users are often away from the office and use a multitude of devices to connect back to base, from where they operate as if they were sitting at their desks. It’s commonplace to hear about attacks on weak server and device configurations, poorly managed systems and weak physical controls – how do you protect a user that is not based on the company premises?!
Networks that were considered fairly well secured, with a limited external presence, have in recent months become exposed within hours of vulnerability disclosures, such as the debacle surrounding Juniper’s ScreenOS towards the end of 2015 and the recently disclosed issues that affected Cisco-based IKE VPNs.
We’ll take this opportunity to highlight some common, simple yet effective attacks on infrastructure, remote users and ‘undefined’ equipment that you may not even give a second thought. We’ll provide an introduction to common techniques for attacking infrastructure, show examples of how to utilise built-in tools to aid in attacks, and give you a glimpse of a pentester’s mindset.