Explore the critical security vulnerabilities in network storage devices from major manufacturers like Seagate, D-Link, and Netgear in this 56-minute Black Hat conference talk. Discover how unauthenticated attackers can compromise and control storage systems, exposing stored data and providing a vantage point for further network infrastructure exploitation. Learn about various attack methods, including command injection, directory traversal, authentication bypass, memory corruption, and backdoors. Examine the implications of compromising network-based storage systems and understand why the absence of security in storage and networking hardware leaves data unprotected and millions of networks vulnerable. Witness live demonstrations of vulnerability exploitation to achieve root access and explore a self-propagating worm capable of exploiting network storage systems on both internal and external networks.
Overview
Syllabus
Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
Taught by
Black Hat