
Evict Threat Actors from Perimeter Appliances: Exploiting Edge Devices #shorts

BSides Frankfurt, 1:49, 66 views, published 2026-02
About this talk
Discover how threat actors gain initial access through vulnerable edge devices like firewalls. We explore exploits targeting Ivanti, Fortinet, and Cisco, bypassing phishing and brute force. #ThreatActors #Cybersecurity #EdgeDevices #Vulnerabilities #NetworkSecurity
Transcript [en]

My colleague Mar and I want to talk today about living on the edge, evicting threat actors from perimeter appliances. And first of all, before we go into depth um and talk about some forensic stuff and some exploits and what's happening right now, uh we first need to define what exactly edge devices are. So we all know what what we are talking today. And basically what we're referring to is edge devices is something that sits at the on the edge on your of your internet between your company and the internet. Something which is reachable from the internet, like it should be, uh like a perimeter firewall, for example. It should be reached from the internet, obviously, like virtual desk environments, asset managements and stuff like that.

So there's a lot of things which are considered edge devices, and additionally we're also considering edge appliances. So appliance, again, something which you get from your manufacturer, like a box which is plug in, which works and it does its job and it's secure, more or less. And to put it all a bit more into perspective, um what we want to talk today about is edge devices, exploits and initial access.

So basically what you can see here is a slide from Florian R. You maybe know him, and he summarized all the common entry vectors. So on the top you can see phishing. I think you all know what phishing is. At the bottom, you can see brute force, like passwords, guessing, credential stuffing, all stuff like that. But we are targeting now the middle box, the exploitation. And to be precise, we're targeting this middle box, the vulnerable appliances like Ivanti, Fortinet, Cisco, and stuff like that. There are some other names. We're going to talk about them in a second. But this is the focus of our talk today. So how can you get as a threat actor initial access via a vulnerable appliance?