Overview
Explore critical data center security vulnerabilities through a DEF CON 31 conference presentation that examines power management systems and infrastructure. Dive into nine discovered vulnerabilities affecting Power Distribution Units (PDUs) and Data Center Infrastructure Management (DCIM) systems, with detailed technical analysis of their most significant impacts. Learn about authentication bypasses, remote code execution possibilities, and system emulation techniques specifically related to data center operations. Understand how attackers could potentially exploit these vulnerabilities, challenging common assumptions about cloud security versus on-premises solutions. Gain valuable insights into database initialization, authentication mechanisms, command injection opportunities, and practical security implications for modern data centers. Master essential knowledge for data center professionals, security researchers, and those interested in critical infrastructure protection, aligning with current national cybersecurity priorities.
Syllabus
Intro
What is a Data Center?
Why Data Centers?
Database Initialization
Authentication Bypass #1 (cont.)
Authentication Bypass #2
Remote Code Execution
Dataprobe iBoot PDU
Full System Emulation
Authentication & "Autologin"
The Payload
Triaging Command Injection Opportunities
Final Take-aways
Taught by
DEFCONConference