44CON 2017 has ended
Back To Schedule
Thursday, September 14 • 13:30 - 14:29
Cedric Halbronn - Cisco ASA Episode 2: Striking back - Internals and Mitigations

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In 2016, two critical vulnerabilities were published that targeted Cisco ASA (Adaptive Security Appliance) firewalls. Even though the exploits for both are public, they are restricted to specific ASA versions and there is no public tool to understand how they work. This talk is about ASA internals, the reverse engineering involved and tools we have developed to better weaponize exploits.

In addition to covering previously unpublished details of Cisco ASA internals and how the exploit was generalised to apply to over 100 versions and made 100% reliable, the talk will cover a number of tailor-made tools developed to assist in the reverse engineering and exploit production. The tools will be released after the talk.


Thursday September 14, 2017 13:30 - 14:29 BST
*Track 1*