Network Management Systems (NMSs) are widely deployed in medium and large organizations to map and control network and host infrastructure, and provide an excellent attack surface. NMSs are information rich for an attacker, saving reconnaissance time and providing a pivot point to hide their network activity in the background noise. The talk explores many NMS attack vectors, including persistent cross-site scripting (XSS), format string vulnerabilities, command injection, SQL injection and forced browsing to take control of the NMS and authenticated user's host. Using live demonstrations we explore attack delivery, execution and factors that control the success of each attack. In conclusion, we discuss overall risk factors and mitigation techniques for providing protection against these attacks.
Deral Heiland CISSP, serves as a Research Lead for Rapid7 Global Service. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 8+ years Deral's career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral is the creator of the open source tool 'Praeda' used for harvesting data from embedded devices. Deral also conducted security research on a numerous technical subject, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, Hackcon Norway, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including Bloomberg UTV, MIT Technical Review, MSNBC, SC Magazine, Threat Post and The Register.
Matthew Kienow is a software engineer and an independent security researcher. Matthew has presented at various security conferences including Hack In Paris, DerbyCon and CarolinaCon. Matthew has designed, built, and successfully deployed secure software solutions, however, often enjoys breaking them instead. Matthew's research has been cited by CSO, Threatpost and SC Magazine.