ZeroNights 2018 new talks. Part 4

Newly-approved ZeroNights 2018 speakers will cover the topics of SCADA, SD-WAN, and reverse proxies.

1. Alexey «GreenDog» Tyurin«Reverse proxies & Inconsistency».Modern websites are growing more complex with different reverse proxies and balancer covering them. They are used for various purposes: request routing, caching, putting additional headers, restricting access. In other words, reverse proxies must both parse incoming requests and modify them in a particular way. However, path parsing may turn out to be quite a challenge due to mismatches in the parsing of different web servers. Moreover, request converting may imply a wide range of different consequences from a cybersecurity point of view. We have analyzed different reverse proxies with different configurations, the ways they parse requests, apply rules, and perform caching. In this talk, we will both speak about general processes and the intricacies of proxy operation and demonstrate the examples of bypassing restrictions, expanding access to a web application, and new attacks through the web cache deception and cache poisoning.

2. Denis Kolegov, Oleg Broslavsky, Anton Nikolaev«SD-WAN Internet Census». The concept of software-defined wide area network (SD-WAN or SDWAN) is central to modern computer networking, particularly in enterprise networks. By definition, these systems form network perimeter and connect Internet, WAN, extranet, and branches that make them crucial from a cybersecurity point of view. The goal of this paper is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We have explored Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and will show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration.

3. Yuriy Gurkin«SCADA projects from the point of view of hackers». Almost all SCADA systems allow for project (or system configuration) files creation and have drafts of such projects delivered with the software. We have tested the possibility of making trojans based on such files and succeeded. If an attacker will somehow trick the ICS engineer to launch such trojan-project files, it would lead to SCADA system hack. Such trojans are potentially hard to detect (not detected by now by common SPAM filters) and also they could act in a stealth way. We will illustrate this threat on LabView, ATVise, and IntegraXor SCADA software.

Keep track of news updates and do not hesitate to purchase your ZeroNights 2018 ticket – there is only a few left.

Social sharing