2. About Alex Hernandez aka alt3kx. Currently researcher and contributor: Spain, Germany, USA, Amsterdam, Argentina, Australia, Belgium, Canada, and Mexico. He has also coded some exploits, mainly for pen-testing tasks. His latest public exploits were published on security pages such as milw0rm, SecurityFocus and Packetstorm. Devision Security Labs Neurowork Spain www.SybSecurity.com MX-AR-ES
3. Content: Aruba Networks (WiFi Router) 0-day CSRF & Session Hijacking (cookies), Exploit & PoC video; Trixb0x (VoIP Asterisk) 0-day SQLi and LFI, Exploit & PoC video; Cisco VPN client 0-day Denial of Service (DoS), Exploit & PoC video
4. Aruba's networks were designed from the ground up to meet these requirements – and more. Our wireless solutions make add, move, and change costs evaporate. In fact, wireless networks built on our adaptive 802.11n technology cost just 10% of a comparable wired build-out, allowing you to rightsize your network while upgrading efficiency and productivity. www.arubanetworks.com
10. Trixbox is a distribution of the GNU/Linux operating system, based on CentOS, whose distinguishing feature is that it is a software telephone exchange (PBX) built on the open-source PBX Asterisk. Like any PBX, it allows a company's internal telephones to be interconnected and connected to the conventional telephone network (RTB, the basic telephone network).
11. SQLi Trixb0x Web-meetme What is it: Web-MeetMe is a suite of PHP pages to allow for scheduling and managing conferences on an Asterisk PBX. Add rooms and specify)
19. Overview The Cisco Virtual Private Network (VPN) Client establishes an encrypted tunnel between a local system and a Cisco VPN concentrator. The tunnel provides data integrity and confidentiality, giving users a secure connection to a corporate network from an otherwise public, non-trusted network.
20. Description A Denial of Service (DoS) attack on the win32 VPN client platform can be exploited locally to collapse the VPN client through the "cvpnd.exe" service, which runs with "SYSTEM" privileges.
21. Technical details The Cisco VPN Client for win32 gets installed as a Windows service called "Cisco Systems, Inc. VPN Service" or "CVPND", and its binary is associated to: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe or C:\Archivos de programa\Cisco Systems\VPN Client\cvpnd.exe. By default, the CVPND service gets executed with "SYSTEM" privileges.
28. Response CISCO? Yep, CISCO r0x. Omar Santos osantos [at] cisco [dot] com PSIRT High Risk! Bug ID is CSCsz49276. PSIRT ID is PSIRT-0676131279. Release 27 August 2009 (Credits Alex Hernandez)
29. Thank u! ahernandez [at] sybsecurity [dot] com Research & Papers: http://www.sybsecurity.com/en/laboratory/