No announcement yet.

Daniel (dozer) Jensen - Hunting Bugs in The Tropics

  • Filter
  • Time
  • Show
Clear All
new posts

  • Daniel (dozer) Jensen - Hunting Bugs in The Tropics

    Daniel (dozer) Jensen - Hunting Bugs in The Tropics

    Daniel (dozer)Jensen, Hacker

    Presentation Title: Hunting Bugs in The Tropics
    Length of presentation: 45 Minutes

    Aruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.

    Over the past couple of years, I've been hunting for vulnerabilities in some of Aruba's on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces and a frequently overlooked bug class.

    This talk will explore some of the vulnerabilities I've found in various products in the Aruba range, and include details of their exploitation. I'll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.

    Daniel (aka dozer) works as a security consultant at a large cybersecurity company. He has been a professional penetration tester for several years, and has discovered numerous vulnerabilities in a wide range of software. He currently lives in New Zealand, and his favourite animal is the goose.

    Aruba Vulns/ Prior Research (My own post)