Hunting Bugs in the Tropics
who: Daniel Jensen
when: Fri, 12 Nov 2021 17:00:00 +1300
where: The Michael Fowler Centre
Aruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.
Over the past couple of years, I’ve been hunting for vulnerabilities in some of Aruba’s on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces.
This talk will explore some of the vulnerabilities I’ve found in various products in the Aruba range, and include details of their exploitation. I’ll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.
Daniel (aka dozer) works as a security consultant at a large cybersecurity company. After a brief sojourn abroad he has returned, and now lives in Auckland. His favourite animal is the goose.