Command Injection in F5 iRules

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=ZOcMay2OCJ0


Duration: 48:56
1 views
0

Christoffer Jerkeby | Senior Security Consultant, F-Secure
Location: Islander EI
Date: Thursday, August 8 | 5:00pm-6:00pm
Format: 50-Minute Briefings
Tracks: Network Defense, Web AppSec

BigIP F5 products are used by large corporations and governments all around the world. Its performance and load sharing capabilities has made it a preferred choice as reverse proxy to route web traffic in complex high performance projects. The F5 product contains a subset of rules written in a language called iRules developed from the scripting language TCL. TCL language interpretation is defined in a set of rules called the dodekalogue. Common misinterpretations of the dodekalogue often leaves iRules exposed to security vulnerabilities. An attacker can inject iRule code in to a request and force the load balancer to execute remote code, sniff connections or scan internal networks. Organizations using F5 with iRules will be made aware of how to find and avoid writing vulnerable code along with a demonstration of the consequences of post exploitation of this vulnerability. An attacker that successfully exploits iRule injections can gain a foothold in the F5 device memory, break out of the TCL interpreter and cause severe damage without leaving a trace in logging facilities. The research includes code scanning and automatic exploitation tools to detect and eliminate the iRule injection vulnerability from a running F5 instance.Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-08Legal GNSS Spoofing and its Effects on Autonomous Vehicles
2022-01-08Reverse Engineering WhatsApp Encryption for Chat Manipulation and More
2022-01-08Lessons and Lulz The 5th Annual Black Hat USA NOC Report
2022-01-08Rogue7 Rogue Engineering Station Attacks on S7 Simatic PLCs
2022-01-08PeriScope An Effective Probing and Fuzzing Framework for the Hardware OS Boundary
2022-01-07Attacking iPhone XS Max
2022-01-07Come Join the CAFSA - Continuous Automated Firmware Security Analysis
2022-01-07Defense Against Rapidly Morphing DDOS
2022-01-07Automation Techniques in C++ Reverse Engineering
2022-01-07He Said, She Said – Poisoned RDP Offense and Defense
2022-01-07Command Injection in F5 iRules
2022-01-07Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
2022-01-07Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
2022-01-07HostSplit: Exploitable Antipatterns in Unicode Normalization
2022-01-07Behind the scenes of iOS and Mac Security
2022-01-07How Do Cyber Insurers View The World?
2022-01-07Controlled Chaos: The Inevitable Marriage of DevOps & Security
2022-01-07Detecting Deep Fakes with Mice
2022-01-07Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware
2022-01-07Detecting Malicious Files with YARA Rules as They Traverse the Network
2022-01-070-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
password
code
web
concept
thief
protection
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Christoffer Jerkeby