Monday, July 1, 2019

SD-WAN Security Assessment: The First Hours

SD-WAN Security Assessment: The First Hours


Introduction


Suppose you need to perform a security assessment of an SD-WAN solution.
There are several reasons for this and one of them is selecting an SD-WAN provider or product.

A traditional SD-WAN system involves many planes, technologies, mechanisms, services, protocols and features.
It has distributed and multilayered architecture. So where should you start?

The main goal of this document is to list basic sanity checks that can be used when investigating SD-WAN.
We will consider general checks that can be applied to any SD-WAN system.

Wednesday, May 15, 2019

More cyber girls needed!

Harbour.Space University (Barcelona) provides  scholarship opportunity for women who want to study Cybersecurity or Fintech.
Apply before May 30th to Hack The Planet for free!

https://harbour.space/register

Sunday, May 12, 2019

On CVE-2019-11550


Citrix SD-WAN Security Update (CTX247735)

An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This  vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic.

Tuesday, April 30, 2019

The Grinder updates

New release of the Grinder framework, created to automatically enumerate and fingerprint hosts on the Internet using different back-end systems: search engines, such as Shodan or Censys, for discovering hosts and NMAP engine for fingerprinting and specific checks.


Wednesday, March 27, 2019

The Grinder for SD-WAN

Internet-connected Devices Census Python Framework by Anton Nikolaev

Special release for insomnihack 2019.

The Grinder framework was created to automatically enumerate and fingerprint different hosts on the Internet using different back-end systems: search engines, such as Shodan or Censys, for discovering hosts and NMAP engine for fingerprinting and specific checks. The Grinder framework can be used in many different areas of researches, as a connected Python module in your own project or as an independent ready-to-use from the box tool.

Saturday, December 29, 2018

35C3 talk and metasploit releases

Refreshing memories of Chaos Communication Congress SD-WAN New Hop talk.

35C3 talk video and exploits for SD-WAN.

Citrix Netscaler SD-WAN #metasploit module. Remote command execution -> root.