GradeZero Music Band

Saturday, December 29, 2018

35C3 talk and metasploit releases

Refreshing memories of Chaos Communication Congress SD-WAN New Hop talk.

35C3 talk video and exploits for SD-WAN.

Citrix Netscaler SD-WAN #metasploit module. Remote command execution -> root.

Tuesday, December 4, 2018

#scada #energy #automotive #cybersec

Worth reading on #scada #energy #automotive #cybersec. Talks and research paper by Dmitry Sklyar on security of Electric Vehicle, ChargePoint Home charging station.

Wednesday, November 21, 2018

SD-WAN and Elon Musk at #zeronights

The goal of this talk is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration. 

As presented at Zeronights 2018 by Anton Nikolaev, Denis Kolegov, Oleg Broslavsky.

Monday, November 12, 2018

SD-WAN Threat Landscape

The goal of this paper is to understand SD-WAN threats using practical approach. We describe basic SD-WAN features and components, investigate an attack surface, explore various vendor features and their security, explain threats and vulnerabilities found in SD-WAN products. We also extend existing SDN threat models by describing new potential threats and attack vectors, provide examples, and consider high-level approaches for their mitigations.

Wednesday, November 7, 2018

WebGoat.SDWAN.Net in Depth

SD-WAN New Hop talk by Denis Kolegov, Oleg Broslavsky as presented at Power of Community 2018 conference, Seoul, Korea. [1] [2]

In this presentation, we disclose a set of vulnerabilities in widespread and most popular SD-WAN products including Citrix NetScaler and Silver Peak EdgeConnect. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities, and describe different attack scenarios that may allow an attacker to compromise SD-WAN control and data planes.

Citrix NetScaler SD-WAN vulnerabilities details

On CTX236992, mode details and exploitation vectors by Sergey Gordeychik, Denis Kolegov, Nikita Oleksov, Nikolay Tkachenko, Oleg Broslavsky

Unauthenticated Access to Munin Service
Incorrect Access Controls
Cross-Site Request Forgery
Use of CakePHP Component with Known Vulnerabilities
Cross-Site Scripting(s)
Path Traversal(s)
SQL Injection(s)
Slow HTTP DoS Attacks
Session ID Leakage
Sudo Misconfiguration
OS Command Injection(s)

Thursday, November 1, 2018

SD-WAN Infiltrator

SD-WAN Infiltrator is an NSE script to automatically discover SD-WAN nodes in a local network. It uses SD-WAN Census Database.
Useful for pentest/internal network assessment.
Special release for CodeBlue Security Conference, Tokyo, Japan.

Monday, October 22, 2018

Vulnerabilities in SD-WAN: Client side

Citrix NetScaler SD-WAN bugs/fixes

Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to compromise the host.

Monday, October 15, 2018

s7scan to replace plcscan

s7scan by Danila Parnishchev is a tool that scans networks, enumerates Siemens PLCs and gathers basic information about them, such as PLC firmware and hardware version, network configuration and security parameters such as:

Wednesday, October 10, 2018

SD-WAN Harvester v 0.99

SD-WAN Harvester tool was created by Anton Nikolaev and Denis Kolegov  to automatically enumerate and fingerprint SD-WAN nodes on the Internet. It uses Shodan search engine for discovering, NMAP NSE scripts for fingerprinting, and masscan to implement some specific checks.

Friday, August 17, 2018

Silver Peak EdgeConnect < 8.1.7.x. multiple vulnerabilities

On SD-WAN vulnerabilities discussed here.

Silver Peak SD-WAN solutions enable distributed enterprises to build a better WAN, securely connecting users to applications without compromising application performance.

Wednesday, August 8, 2018

SD-WAN updates

The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020.

Thursday, February 15, 2018

GE D60 Line Distance Relay security fixes

Security hardening of network services with encrypted tunnel leads to buffer overflow and remote code execution in D60 Line Distance Relay as reported in security advisory ICSA-18-046-02.