0days for enterprise software, to be made available for Metasploit - So much money is spent on SIEMs, Firewalls, Intrusion Detection Systems, and more soft- and hardware which is intended to make enterprise environments more secure, protecting them against the bad guys out there and to streamline IT operations. During our daily work and research, we are confronted with the bad reality behind all those protection mechanisms. Enterprise Software like HP DataProtector, Nimbus, IPRemote and custom-developed software for maintenance, administrative scripts and much more, turning a company's infrastructure into a total mess and rendering all the expensive software and hardware completely useless at worst. Why bother with all the fancy attacks, if you can leverage broken third party software in place to gain a foothold and perform lateral movement for you? This talk will give you a tour below the tip of the iceberg, demonstrating some real-world and unreleased vulnerabilities and their exploits, all 0days. We will also drop some new and easy to use Metasploit modules for those exploits for everyone to play around with on their own.Back to Open CFP
The name of this talk is inappropriate.
I'm sorry if you find the name to be offensive
Mazel tov on finding bugs! Is this talk just about disclosing the bugs you found or do we learn something beyond "enterprise software is buggy, you can use it for lateral movement"? What makes these particular bugs interesting?
We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to email@example.com. This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.
Some of the benefits of speaking at INFILTRATE are: