Europe 2015: Gaps in the Corporate Armor
In today's Intel Update we're going big... enterprise big, with a selection of Black Hat Europe 2015 Briefing highlights that focus on vulnerabilities affecting large organizations. Few targets are more tempting to criminals (or have more to lose) so let's take a peek at a few promisingly tender spots tucked behind corporate veils.
We start with Microsoft, whose Lync 2010/2013 (aka Skype for Business 2015) communications platform is seeing increasing corporate uptake. Although the platform has a sheen of modernity, it still suffers from old VoIP teleconference and platform issues. In VoIP Wars: Destroying Jar Jar Lync, Fatih Ozavci will show how open MS Lync front-end and edge servers, insecure federation security design, lack of encryption, insufficient defense against VoIP attacks, and insecure compatibility options may allow attackers to hijack enterprise communications and, possibly worse, compromise actual enterprise users and employees. Expect extensive live demos and a little on how to push back, too.
Next, Blue Coat ProxySG systems are widely deployed in big corporations to handle web traffic proxying and filtering... so why hasn't anyone (publicly) poked around at their internals? It's high time that happened, and Raphael Rigo will share his findings in A Peek Under the Blue Coat. His detailed analysis of the proprietary SG OS, which runs on commodity Intel hardware, will delve into OS mechanisms, file system internals, and security mechanisms (really, the lack thereof).
Last, it's unfortunate, but Continuous Integration (CI) tools provide an excellent attack surface due to their poor security controls, distributed build management capability, and level of privilege across an enterprise. Continuous Intrusion: Why CI tools are an Attacker's Best Friends will look at CI tools from an attacker's perspective and use them as portals to get a foothold and achieve lateral movement. Expect command and script execution, credential stealing, and privilege escalation to compromise not only the build process but also the underlying operating system and even entire Windows domains. No memory corruption bugs here -- it's all CI!
Black Hat Europe 2015 takes place November 10-13 in Amsterdam. How about registering?