Hacking Appliances: Ironic exploits in security products

Thursday, July 18, 2013

11:00 AM - 12:00 PM PST

60 minutes, including Q&A

Hacking Appliances: Ironic exploits in security products
Proactive Defense with Automated First Responder

It is tempting to think of security appliances as somehow fortified; i.e. specially secured and hardened, or that these devices have undergone comprehensive security testing as part of a Secure Development Lifecycle. My research shows that this is mostly not the case, and rather basic and easily identified vulnerabilities were discovered in almost all security appliances I have tested.

This presentation discusses common vulnerabilities Found across various security appliances. I will show some interesting attack vectors where external attackers can exploit vulnerabilities in appliances to gain control over gateways, firewalls, email and web-filters, VPN solutions and access the internal network.

  • I will discuss various exploits I have found for popular security appliance products from trusted vendors (I will have time to discuss 5 or 6 different products).
  • There will be demonstrations of the exploits
  • We will see common vulnerabilities, which affected multiple products
  • I will explain scenarios in which these attacks can be performed, sometimes by external attackers with a minimum of effort
  • I will discuss some mitigations

Brought to you by:

Booz Allen Hamilton

Guest Presenter:

Ben Williams

Ben Williams is a Consultant for NCC Group - performing Penetration testing and IT Security research. He has been in the IT Security industry for 15 years+ and previously worked for a company which makes security appliances (for around 10 years) hence his particular interest in this area.

Ben has escalated numerous vulnerabilities in software products and appliances to a wide range of vendors. This includes exploitable flaws in security products from various well-known companies including: Citrix, Cisco, McAfee, Symantec, Sophos, Trend Micro, Websense and Barracuda Networks.

Sponsor Presenters:

Anuj Soni

Anuj Soni is a Senior Incident Responder and team lead for Booz Allen's Cyber Proactive Defense group. He executes the firm's proprietary Automated First Responder (AFR) capability to rapidly detect, respond to, and mitigate sophisticated threat actors on enterprise networks. He has over eight years of experience in incident response, forensics, and malicious code analysis.

Jason Losco

Jason Losco is the technical lead/architect for AFR. He has a strong background in cloud computing, social media analysis, and software engineering. He spent eight years working in a well-respected research and development lab focusing on social media prior to making the switch into cyber security and threat analysis.

AFR is a host-based capability that empowers our highly skilled analysts to proactively identify threats and perform incident response. This anomaly-based capability has been deployed to over 150 networks, and it harnesses the power of both automated analysis and human intelligence to aggressively identify malware that goes undetected by signature-based approaches. AFR captures thousands of host-based indicators in minutes and can scale to networks with more than 450,000 machines.

Come by the Booz Allen Hamilton Booth #18 and see demonstrations of AFR and other capabilities offered to make your networks more secure. Also, stop by our Sponsored Workshop in Room #3 (Milano) to put your skills to test by experiencing our Kaizen CTF event on Wednesday, the 31st, with chances to win cash prizes and one of three Raspberry Pi's in our hardware exploitation challenge!


Booz Allen Hamilton is a leading provider of cyber security consulting services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. With more than 5,000 cyber professionals, Booz Allen Hamilton continues to successfully protect organizations using Intelligence Driven Security to focus on Incident Response, Preemptive Response, Threat Intelligence, and Integrated Remediation. More information is available at www.boozallen.com/cyber.

Sustaining Partners