Tweet
Jacob Baines - Do Not Trust the ASA, Trojans!
Jacob Baines, Lead Security Researcher, Rapid7, He/Him:
Presentation Title: Do Not Trust the ASA, Trojans!
Length of presentation: 45 minutes
Tool, Exploit
Cisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet it’s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.
In this talk, new vulnerabilities affecting the Cisco ASA will be presented. We’ll exploit the firewall, the system’s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewall’s trustworthiness.
The talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.
SPEAKER BIO
Jacob Baines is a Lead Security Researcher at Rapid7 and a member of the Emergent Threat Response team. As part of his daily duties, Jacob conducts n-day and zero-day vulnerability research on important or impactful systems. He particularly enjoys sharing findings with the security community and developing Metasploit exploits.
Jacob has been active in the Security field for well over a decade. He’s held positions as a developer, reverse engineer, and vulnerability researcher. As a vulnerability researcher, Jacob has had the good fortune to publish and present his research which varies from embedded system exploitation, web application attacks, and Windows vulnerabilities.
Twitter: @Junior_Baines
- REFERENCES:
* “Breaking Bricks and Plumbing Pipes” by Alec Stuart - https://www.youtube.com/watch?v=KXqrovapQ5A
* “Robin Hood vs Cisco ASA Anyconnect” by Cedric Halbronn, NCCGroup - https://recon.cx/2018/brussels/resou...AnyConnect.PDF
* “Bake Your ExtraBacon” by b, Silent Signal - https://blog.silentsignal.eu/2016/08...wn-extrabacon/
* “ANT Catalog: Firewalls” by unknown, IC Off the Record - https://nsa.gov1.info/dni/nsa-ant-catalog/firewalls/
* “The Slingshot APT” by Kaspersky - https://media.kasperskycontenthub.co..._ENG_final.pdf
* “Execute My Packet” by David Barksdale, Jordan Gruskovnjak, and Alex Wheeler, Exodus Intelligence - https://blog.exodusintel.com/2016/02...ewall-hacking/
* “Cisco ASDM IDM Launcher Vulnerabilities CVE-2021-1585” by Malcolm Lashley - https://gist.github.com/mlashley
* “AttackerKB: CVE-2021-1585” by Rapid7 - https://attackerkb.com/topics/0vIso8...apid7-analysis
* “Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence” by Veloxity - https://www.volexity.com/blog/2015/1...d-persistence/
[]
Jacob Baines, Lead Security Researcher, Rapid7, He/Him:
Presentation Title: Do Not Trust the ASA, Trojans!
Length of presentation: 45 minutes
Tool, Exploit
Cisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet it’s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.
In this talk, new vulnerabilities affecting the Cisco ASA will be presented. We’ll exploit the firewall, the system’s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewall’s trustworthiness.
The talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.
SPEAKER BIO
Jacob Baines is a Lead Security Researcher at Rapid7 and a member of the Emergent Threat Response team. As part of his daily duties, Jacob conducts n-day and zero-day vulnerability research on important or impactful systems. He particularly enjoys sharing findings with the security community and developing Metasploit exploits.
Jacob has been active in the Security field for well over a decade. He’s held positions as a developer, reverse engineer, and vulnerability researcher. As a vulnerability researcher, Jacob has had the good fortune to publish and present his research which varies from embedded system exploitation, web application attacks, and Windows vulnerabilities.
Twitter: @Junior_Baines
- REFERENCES:
* “Breaking Bricks and Plumbing Pipes” by Alec Stuart - https://www.youtube.com/watch?v=KXqrovapQ5A
* “Robin Hood vs Cisco ASA Anyconnect” by Cedric Halbronn, NCCGroup - https://recon.cx/2018/brussels/resou...AnyConnect.PDF
* “Bake Your ExtraBacon” by b, Silent Signal - https://blog.silentsignal.eu/2016/08...wn-extrabacon/
* “ANT Catalog: Firewalls” by unknown, IC Off the Record - https://nsa.gov1.info/dni/nsa-ant-catalog/firewalls/
* “The Slingshot APT” by Kaspersky - https://media.kasperskycontenthub.co..._ENG_final.pdf
* “Execute My Packet” by David Barksdale, Jordan Gruskovnjak, and Alex Wheeler, Exodus Intelligence - https://blog.exodusintel.com/2016/02...ewall-hacking/
* “Cisco ASDM IDM Launcher Vulnerabilities CVE-2021-1585” by Malcolm Lashley - https://gist.github.com/mlashley
* “AttackerKB: CVE-2021-1585” by Rapid7 - https://attackerkb.com/topics/0vIso8...apid7-analysis
* “Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence” by Veloxity - https://www.volexity.com/blog/2015/1...d-persistence/
[]