Mar 23

Pen Test Perfect Storm 6: We Love Cisco!

Today, Kevin Johnson, Ed Skoudis and I delivered the 6th part of the Pen Test Perfect Storm Trilogy: We Love Cisco!.

In the webcast, hosted by CORE Security Technologies, we discussed attack techniques against Cisco devices, combining wireless, network and web app techniques to exploit common network architectures. Topics include:

  • Enumerating SNMP Community strings
  • Retrieving Cisco router or switch configurations over SNMP
  • History of vulnerabilities in the Cisco Wireless LAN Controller
  • Exploiting Cisco Web App interfaces with Burp Proxy and Burp Intruder
  • Exploiting Cisco Voice VLAN’s with voiphopper
  • A practical scenario, combining network, wireless and web app attack techniques

CORE is busy putting together the recording that you can download and watch at your leisure, but in the meantime you can grab the slides in the Presentations section, or directly here. All past presentations in PDF form are also available in the presentations section, or at the CORE Security Technologies webcast archive page.

Thanks to all who attended the webcast today!