Abusing legacy: insecure by (past) design

BoB D.

An in-depth look into high-end enterprise network equipment, from zero knowledge to identifying and abusing software and design vulnerabilities spanning over a decade's worth of software and architecture design and development choices, ultimately cancelling the assurances expected for operation under FIPS requirements.

This talk covers the reverse engineering effort, as well as the development of tools to analyze, unpack, modify and forensically inspect firmware images for the affected vendor's major product line, from the early 2000s to present day. The effort wraps up with the development of an implant, leveraging the chain of vulnerabilities to persist, with a nostalgic revival of classic *nix vulnerabilities.

Speaker Bio:

Bob spends too much time worsening his carpal tunnel syndrome.
