[ MI CASA-SU CASA ] My is Your

Your browser thinks my is the same as your Using a novel combination of redirects, Karma, JavaScript and caching we demonstrate that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool it’s possible to automate the exploitation of hundreds of interfaces at once. This presentation will introduce the attack vector and demonstration, but also the public release of the MICASA-SUCASA tool.

Presented by