This course aims to teach learners how to identify vulnerabilities in industrial remote access solutions utilizing OpenVPN, which can potentially lead to remote code execution. The course covers topics such as the architecture of OpenVPN, identifying the problem with backend parsing, and preparing exploits. The teaching method involves a combination of theoretical explanations and practical examples. This course is intended for individuals interested in cybersecurity, particularly in industrial control systems and remote access solutions.
All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube
Overview
Syllabus
Intro
Agenda
Work From Home: The Industrial Version
Programmable Logic Controller
Remote Access Solution
Under the Hood: OpenVPN
OpenVPN Traffic
So What's the Problem?
Example to a Very Loose Backend Parser
But What About SOP and CORS?
Recap
OK. We Can Start VPN Tunnel, SO WHAT?
But the Config File Must Be Present on the Machine!
PerFact OpenVPN - Backend
Perfact OpenVPN - Architecture
Prepare Our Exploit - Step 1
HMS Networks
SEH 101
mbDIALUP launcher
Taught by
Hack in Paris
