Exploiting Software Update Vulnerabilities in Corporate Networks

Demonstration of new client side attack capabilities by exploiting software update mechanisms in corporate environments. This talk builds upon the previous work of Francisco Amato and Fedrico Kirchbaum at Defon 18, titled Evilgrade. For an attack to be sucessful, it requires an attacker to be able to control DNS traffic on the client network. The demonstration will showcase two scenarios, 1) When executives travel and connect their work machines to hotel WiFi networks 2) When executives use their machines on their home network.

Successful exploitation will result in a reverse shell on the user machine. The payload is a meterpreter reverse TCP shell. Common applications such as Notepad++ or corporate applications that update via SCCM software center can be impacted.




Starts at Friday September 23 2016, 05:45 PM. The sessions runs for about 1 hour.