A Pre-Auth RCE on Leading SSL VPNs

Hack In The Box Security Conference via YouTube

Overview

Explore a critical security vulnerability in leading SSL VPNs through this 57-minute conference talk from the Hack In The Box Security Conference. Discover how pre-authentication remote code execution (RCE) vulnerabilities affect nearly half of Fortune 500 companies and numerous government organizations. Learn about the discovery of a "magic" backdoor allowing unauthorized password changes, and witness demonstrations of gaining root shell access, weaponizing servers against their owners, and exploiting hidden features to compromise VPN clients. Delve into advanced web and binary exploitation techniques, including Apache jemalloc exploitation and web architecture vulnerabilities. Gain insights into post-exploitation strategies, attack vectors against SSL VPNs, and general hardening actions to mitigate potential zero-day threats. Understand the far-reaching implications of these vulnerabilities and the importance of viewing SSL VPNs not just as Virtual Private Networks, but as potential "Vulnerable Points of your Network."

Syllabus

#HITBGSEC D1: A Pre-Auth RCE On Leading SSL VPNs - Orange Tsai and Tingyi Chang

Taught by

Hack In The Box Security Conference
