Exploiting Vulnerable Appliances: Threat Actor's Initial Access #shorts

BSides Frankfurt | 1:57 | 91 views | Published 2026-02
About this talk
Attackers bypass phishing and brute force by targeting vulnerable appliances like Ivanti, Fortinet, and Cisco. These outdated devices lack basic exploit mitigations, making them easy targets. A reboot can wipe all forensic evidence, challenging defenders. #Cybersecurity #NetworkSecurity #Vulnerability #Exploitation #ThreatActor

So on the top you can see phishing. I think you all know what phishing is. At the bottom you can see brute force, like password guessing, credential stuffing, all stuff like that. But we are targeting now the middle box, the exploitation. And to be precise, we're targeting this middle box of vulnerable appliances like Ivanti, Fortinet, Cisco and stuff like that. There are some other names. We're going to talk about them in a second. But [snorts] this is the focus of our talk today. So how can you get, as a threat actor, initial access via a vulnerable appliance?

>> Thank you very much. Okay, let's first establish some context on um why this topic actually matters. Um first from the perspective from an attacker. So uh edge devices are usually quite easy to compromise. Uh yet it is difficult for the defenders or the victim to detect the actual actors uh to internal resources uh and that they're present. Also a big issue with these edge devices is that their operating system and software are very outdated. Um I brought an example from Ivanti Connect Secure, which is a VPN appliance. Um it has a Perl version of version 5.6.1, 32-bit, which was built in April 2001, and I'm pretty confident there are people here in the room that are younger than this. Uh so that tells you everything, I guess. Uh also most of these devices lack basic exploit mitigations. Um so this is far off from those mitigations that we see on modern desktop platforms. And lastly, these appliances are extremely volatile. Um a reboot or software update could wipe all forensic evidence that an actor even accessed the device um any time in the past, and forensics is very challenging and time-consuming on these devices. So yeah, that's why we're