Overview
Explore a detailed security research presentation from DEF CON 31 that uncovers critical vulnerabilities in MikroTik's RouterOS, focusing on a pre-authentication Remote Code Execution (RCE) vulnerability that remained undiscovered for nine years. Learn about the overlooked attack surfaces in RouterOS's architecture, particularly the socket callback and remote object mechanisms that affect over 3 million deployed devices. Discover the methodology used to identify these security flaws, understand the vulnerability patterns, and gain insights into the complex lower-layer objects of Nova Binary implementation. Benefit from shared open-source tools and research approaches that make RouterOS security analysis more accessible, presented by DEVCORE security researcher and Pwn2Own Toronto 2022 "Master of Pwn" winner, Ting-Yu Chen (NiNi).
Syllabus
DEF CON 31 - Review on the Less Traveled Road - 9 Yrs of Overlooked MikroTik PreAuth RCE - NiNi Chen
Taught by
DEFCONConference