Speaker: Matt "scriptjunkie" Weeks, Researcher
The best techniques for exploitation, maintaining access, and owning in general move down the stack, using low-level code to bypass security controls. Take the preboot execution environment and get BIOS-level access to the hardware from across the network, outside any control of the on-disk operating system. In this presentation I will detail the pxesploit attack I wrote, releasing a new Metasploit-based comprehensive PXE attack toolkit to deliver any payload reliably to many different operating systems. Also new will be the ability to host a PXE attack through a Meterpreter session in memory, using it to escalate privileges and own remote networks.
