DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin
At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered.
Paul will provide you with defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2. He kindly answered a few questions beforehand:
Please tell us the top facts about your talk.
The presentation focuses on commonly overlooked layer 2 security issues. In many cases penetration testers and auditors focus on the upper layers of the OSI model and miss the low hanging fruit at layer 2. The talk will cover both offensive exploit techniques and methods for securing networks. Multicast switching and routing protocols, router redundancy protocols, IPv6 and other protocols will be discussed.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The talk was inspired by numerous penetration testing projects where up to 8 high level vulnerabilities were identified within a few minutes by simply running Wireshark on networks. It became obvious that the red and blue teams are failing to address layer 2 security.
Why do you think this is an important topic?
In my experience a network can be fully patched with secure apps and OS but the first hop layer 2 protocol vulnerabilities are overlooked.
Is there something you want everybody to know about your topic – Some good advice for our readers maybe?
If you are an experienced AppSec security professional interested in learning how to test and secure lower layers of the OSI stack this talk should be of interest to you. Anyone that is new to INFOSEC and desiring to learn a few new tricks to make immediate impact on their team should definitely attend this talk.
A prediction for the future – What do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?
I am very interested in how software defined networks(SDN) and network function virtualization(NFV) will affect both enterprise and service provider networks. Centralized control and automation will enable many network infrastructure and protocol issues to be resolved in a timely manner. At the same time new attack surfaces and attack vectors will be developed for the new architectures as they are deployed.
Paul Coggin is an information Security Engineer. His expertise includes tactical, service provider and ICS/SCADA network infrastructure attacks and defenses as well as large complex network design and implementation. His experience includes leading network architecture reviews, vulnerability analysis and penetration testing engagements for critical infrastructure and tactical networks.