Overview
Explore an in-depth analysis, presented at the Hack In The Box Security Conference, of exploiting vulnerabilities in Cisco ASA firewall/VPN solutions. Delve into the history of Cisco ASA exploits, including the 2016 heap overflow in IKE fragmentation and the Shadow Brokers' revelations. Learn about a new technique to bypass modern protection mechanisms like ASLR, NX, and PIE in the latest ASA versions. Discover a heap feng shui method that increases exploit success rates to over 90%. Gain insights into a previously undisclosed 0day vulnerability affecting major Cisco ASA versions and understand how to achieve remote code execution with authenticated user access. This 39-minute talk provides valuable information for security professionals and researchers interested in network security and exploit development.
Syllabus
#HITB2019AMS D1T1 - SeasCoASA: Exploiting A Small Leak In A Great Ship - Kaiyi Xu and Lily Tang
Taught by
Hack In The Box Security Conference