SecDocs Feed for author Daniel Mende

[Paper] Burning Asgard - What happens when Loki breaks free

Wed, 21 Sep 2011 20:39:50 +0200

Authors: Daniel Mende Enno Rey
Tags: network routing exploiting
Event: Black Hat USA 2010
Abstract: I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground breaking experience: a number of Layer 2 attacks regarded purely theoretical until then, was suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). It's a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. After outlining Loki's inner architecture we'll give insight into several modules and discuss some particularly interesting attacks in the routing protocol space (e.g. cracking OSPF MD5 keys, injection of routes into OSPF and EIGRP environments etc.). Furthermore we'll describe vulnerabilities in lesser known protocols like VRRP. Every attack we mention will be shown in a practical demo and - of course - Loki will be released right after our talk.

[Slides] Burning Asgard - What happens when Loki breaks free

Wed, 21 Sep 2011 20:39:34 +0200

[Slides] Attacking Cisco Enterprise WLANs

Fri, 01 Oct 2010 10:25:00 +0200

Authors: Daniel Mende Oliver Roeschke
Tags: network Cisco
Event: Hack In The Box 2010 Dubai

[Paper] Hacking Cisco Enterprise WLANs

Mon, 21 Jun 2010 02:12:19 +0200

Authors: Daniel Mende Enno Rey
Tags: network Cisco
Event: Black Hat EU 2010
Abstract: The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. Cisco's solutions, from the early Structured Wireless-Aware Network (SWAN) to the current Cisco Wireless Unified Networking (CUWN) architectures, only partly differ here. In this talk we describe the inner workings of these solutions, dissect the vulnerable parts and discuss theoretical and practical attacks, with some nice demos. A new tool automating a number of attacks (incl. taking over the WDS master role, extracting WPA pairwise master keys from intra-AP communication etc) will be released at Black Hat Europe.

[Slides] Hacking Cisco Enterprise WLANs

Mon, 21 Jun 2010 02:12:18 +0200

[Video] All Your Packets Are Belong to Us

Sat, 17 Oct 2009 12:18:00 +0200

Authors: Daniel Mende Simon Rich
Tags: network MPLS BGP
Event: HAR 2009
Abstract: The year 2008 has seen some severe attacks on infrastructure protocols (SNMP, DNS, BGP). We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today's carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It's about making the theoretical practical, once more!

[Slides] All Your Packets Are Belong to Us

Sat, 17 Oct 2009 12:07:00 +0200