[ MI CASA-SU CASA ] My 192.168.1.1 is Your 192.168.1.1

DEF CON 27

Presented by: Elliott Thompson
Date: Sunday August 11, 2019
Time: 13:00 - 13:45
Location: Track 1

Your browser thinks my 192.168.1.1 is the same as your 192.168.1.1. Using a novel combination of redirects, Karma, JavaScript and caching we demonstrate that it’s viable to attack internal management interfaces without ever connecting to your network. Using the MICASA-SUCASA tool it’s possible to automate the exploitation of hundreds of interfaces at once. This presentation will introduce and demonstrate the attack vector, and will also include the public release of the MICASA-SUCASA tool.

Elliott Thompson

The alphabet soup: OSCP, CTL/CCT-APP. Senior pentester and researcher for the last 3 years, with hundreds of successful engagements behind me. Passionate about security and involved in various article pieces for infosec magazine, the BBC and the UK consumer watchdog Which?. Last year I discovered and disclosed an exploit on some Android tablets that allowed RCE through the tag. [ CVE-2018-16618 ]

