SlideShare a Scribd company logo

Mpls hacking security Myth

idsecconf
idsecconf

MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network - Gcsf

Technology
1 of 23
Download to read offline
MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network gcsf@nowhere
WHY?  TELCO Technology? Industry, Community, Academic?  Ask Others to also share their high quality research  Taking Indonesian Hacking Scene to The Higher Level (?)
MPLS?  MPLS is routing mechanism in high-performance network backbone  Route the data traffic from a node to the next node based on short path labels  Avoiding complex forwarding mechanism in routing table  Operate in between layer 2 and layer 3 (OSI model), taking advantage on the layer 2 switching performance and layer 3 routing scalability  MPLS Architecture is very well written on RFC 3031
MPLS Terminology?  Label Distribution Protocol (LDP)  Label Switched Path (LSP)  Label Switching Router (LSR)  Label Edge Router (LER) / MPLS Edge Node  Virtual Routing & Forwarding (VRF)  CE/PE/P Router  MORE? (We only describe terminology used in this document)
MPLS In Simple
MPLS Usage  Virtual Private Routed Network (VPRN) – L3VPN  Virtual Private LAN Service (VPLS) – L2VPN  Virtual Leased Line (VLL)  Traffic Engineering  In order to limit this presentation, we will only discuss L3VPN
MPLS In Broadband Network
Myth - MPLS Hacking & Security?  Provider Edge (PE) router  Encryption support  Traffic Sniffing  MPLS Label  Label Distribution Protocol  Border Gateway Protocol REFERENCE : ERNW.DE
PE Router • Usually to be shared among customers • Multiple CE router from multiple customers is connected to the single PE router • Still, the security relies on the trust model of provider private network • Missing configuration of PE router? (E.G: Mgmt Access) • A customer sending crafted packet to PE to deny services
Encryption Support  MPLS doesn’t provide encryption mechanism  Encryption of traffic in core telco relies on the encryption mechanism of higher OSI level  The security relies on the trust model of provider private network  There are some appliance that can be used to help the traffic encryption (Eg: SafeNet, Senetas)  IPSEC over MPLS?
Traffic Sniffing?  P/PE Router?  Remember, by default no encryption support!  Cisco Embeded Packet Capture (EPC)  Cisco “debug packet” with hiden option “dump”  Juniper “set forwarding-options packet-capture”  Port Mirroring is commonly used  Appliance is also commonly used (E.g: VSS, NetOptics)  DPI? LI?
Network Tapping DPI Device Encryption
MPLS Label • Injection of labeled traffic from customer CE router – RFC 2547, labeled traffic from non trusted sources must be discarded • Injection of labeled traffic from Internet – Again RFC 2547, labeled traffic from non trusted sources must be discarded • MPLS label rewriting in MPLS backbone – Possible, can be reproduced in the Lab, hard (impossible?) to implement in the real backbone
MPLS Label Rewrite  MPLS, as previously stated, use label to forward traffic  VRF “Black” & “Blue” in PE, store routing table virtually separated, hence overlap network between Bank “Black” & Bank “Blue” can be forwarded correctly  Bank “Black” can only communicate with Bank “Black” using VRF Black  Bank “Blue” can only communicate with Bank “Blue” using VRF Black
MPLS Label Rewrite  Someone in “Man In The Middle” position between PE1 & PE2 can rewrite the MPLS Label  Whoever they are, they can redirect traffic so Bank “Black” can communicate with Bank “Blue”  Bank “Black” has overlap network with Bank “Blue”  Hence, VRF “Black” and “Blue” has same routing entry  Attacker change label for traffic PE1 to PE2 with 21 & PE2 to PE1 with 15 (see table)  PE2 only know that traffic from PE1 with label 21 is for Bank “Blue”  PE1 only know that traffic from PE2 with label 15 is for Bank “Black”  Bank “Black” can communicate with Bank “Blue”  Reproduce in lab, hard (impossible?) in real MPLS network
Label Distribution Protocol • Protocol used by MPLS routers to exchange label mapping information • UDP 646 for Hello, TCP 646 for establishing LDP Session • Two MPLS routers that established LDP session called LDP Peers • Exchange of information (advertisement) is bi-directional between LDP Peers • Very well documented on RFC 5036 LDP Session Establishment (SRC: Wikipedia)  Discovery Message  Session Message  Advertisement Message  Notification Message
LDP Message Injection • LDP is used to maintain LSP databases that are used to forward traffic through MPLS Network • How if someone can inject label mapping message to LSR? • Attacker needs access to the MPLS backbone so he can: 1. Announce & maintain the presence of LSR (Hello/Discovery Message) 2. Establish & maintain LDP session (Session Message) 3. Send advertisement with label mapping message & change label database to redirect the traffic  • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
Border Gateway Protocol • MP-BGP, in MPLS network, usually runs between PE router • It is used to route network which their routing table is in VRF • Attacker needs access to MPLS backbone either for: – Intercept & tamper initial MP-BGP exchange OR – Withdraw routes & insert new one (BGP Update with spoofed NLRI) • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
AN EXAMPLE PROVIDED BY LOKI PROJECT/ERNW.DE  MPLS (We Only Use This For The Document) ◦ LDP, MPLS Label Rewrite  ROUTING ◦ RIP, OSPF, EIGRP, BGP  HOT-STANDBY ◦ HSRP, HSRPv2, BFD, VRRP, VRRPv3  ARP  Spoofing, MAC Flooding  ICMPv6  DOT1Q  TCP-MD5
DEMO
DEMO TOPOLOGY
DISCUSSION?! Q & A
THANK YOU 

Recommended

Network security
Network security Network security
Network security Madhumithah Ilango
 
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBGA Cyber Security
 
Zafiyet tespiti ve sizma yöntemleri
Zafiyet tespiti ve sizma yöntemleriZafiyet tespiti ve sizma yöntemleri
Zafiyet tespiti ve sizma yöntemleriEPICROUTERS
 
Ağ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziAğ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziBGA Cyber Security
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9BGA Cyber Security
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 

Recommended

Network security
Network security Network security
Network security Madhumithah Ilango
 
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İnceleme
Bilişim Sistemlerinde Adli Bilişim Analizi ve Bilgisayar Olayları İncelemeBGA Cyber Security
 
Zafiyet tespiti ve sizma yöntemleri
Zafiyet tespiti ve sizma yöntemleriZafiyet tespiti ve sizma yöntemleri
Zafiyet tespiti ve sizma yöntemleriEPICROUTERS
 
Ağ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziAğ Protokollerine Yönelik Adli Bilişim Analizi
Ağ Protokollerine Yönelik Adli Bilişim AnaliziBGA Cyber Security
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark BasicsYoram Orzach
 
Super Easy Memory Forensics
Super Easy Memory ForensicsSuper Easy Memory Forensics
Super Easy Memory ForensicsIIJ
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 7, 8, 9BGA Cyber Security
 
VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing VAPT - Vulnerability Assessment & Penetration Testing
VAPT - Vulnerability Assessment & Penetration Testing Netpluz Asia Pte Ltd
 
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 
Ağ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit SistemleriAğ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit SistemleriCihat Işık
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBGA Cyber Security
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıBGA Cyber Security
 
Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache PoisoningSubhash Kumar Singh
 
Kerberos protocol
Kerberos protocolKerberos protocol
Kerberos protocolAjit Dadresa
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyNapier University
 
Sızma Testleri Sonuç Raporu
Sızma Testleri Sonuç RaporuSızma Testleri Sonuç Raporu
Sızma Testleri Sonuç RaporuBGA Cyber Security
 
Hardware Security
Hardware SecurityHardware Security
Hardware SecurityMani Rathnam
 
Arp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyetiArp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyetiBGA Cyber Security
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishRoman Oliynykov
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxArifinChowdhury2
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMABGA Cyber Security
 
MPLS
MPLSMPLS
MPLSMd Khaleduzzaman
 
MPLS-jpl.ppt
MPLS-jpl.pptMPLS-jpl.ppt
MPLS-jpl.pptdemon667714
 

More Related Content

What's hot

Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15BGA Cyber Security
 
Ağ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit SistemleriAğ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit SistemleriCihat Işık
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBGA Cyber Security
 
OpenVAS
OpenVASOpenVAS
OpenVASsvm
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıBGA Cyber Security
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Arp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyetiArp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyetiBGA Cyber Security
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishRoman Oliynykov
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxArifinChowdhury2
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMABGA Cyber Security
 

What's hot (20)

Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
Beyaz Şapkalı Hacker CEH Eğitimi - Bölüm 13, 14, 15
 
Ağ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit SistemleriAğ Tabanlı Saldırı Tespit Sistemleri
Ağ Tabanlı Saldırı Tespit Sistemleri
 
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware SaldırılarıBir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
Bir Ransomware Saldırısının Anatomisi. A'dan Z'ye Ransomware Saldırıları
 
OpenVAS
OpenVASOpenVAS
OpenVAS
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama KitabıWeb ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
Web ve Mobil Uygulama Güvenlik Testleri Eğitimi Uygulama Kitabı
 
Arp Cache Poisoning
Arp Cache PoisoningArp Cache Poisoning
Arp Cache Poisoning
 
Kerberos protocol
Kerberos protocolKerberos protocol
Kerberos protocol
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Arpspoofing
ArpspoofingArpspoofing
Arpspoofing
 
WPA-3: SEA and Dragonfly
WPA-3: SEA and DragonflyWPA-3: SEA and Dragonfly
WPA-3: SEA and Dragonfly
 
Sızma Testleri Sonuç Raporu
Sızma Testleri Sonuç RaporuSızma Testleri Sonuç Raporu
Sızma Testleri Sonuç Raporu
 
Hardware Security
Hardware SecurityHardware Security
Hardware Security
 
Arp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyetiArp protokolu ve guvenlik zafiyeti
Arp protokolu ve guvenlik zafiyeti
 
Kalyna block cipher presentation in English
Kalyna block cipher presentation in EnglishKalyna block cipher presentation in English
Kalyna block cipher presentation in English
 
Network security
Network securityNetwork security
Network security
 
Network Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptxNetwork Traffic Analysis With Wireshark.pptx
Network Traffic Analysis With Wireshark.pptx
 
GÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMAGÜVENLİK SİSTEMLERİNİ ATLATMA
GÜVENLİK SİSTEMLERİNİ ATLATMA
 

Similar to Mpls hacking security Myth

VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS TechniqueAhmad Atta
 
Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)RAHIL REYAZ
 
Broadband Network Presentation
Broadband Network PresentationBroadband Network Presentation
Broadband Network PresentationMuhammad Faisal
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering pptNitin Gehlot
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switchingseanraz
 

Similar to Mpls hacking security Myth (20)

MPLS
MPLSMPLS
MPLS
 
MPLS-jpl.ppt
MPLS-jpl.pptMPLS-jpl.ppt
MPLS-jpl.ppt
 
VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS Technique
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)
 
yun-MPLS.ppt
yun-MPLS.pptyun-MPLS.ppt
yun-MPLS.ppt
 
Broadband Network Presentation
Broadband Network PresentationBroadband Network Presentation
Broadband Network Presentation
 
MPLS
MPLSMPLS
MPLS
 
Mpls
MplsMpls
Mpls
 
Mpls
MplsMpls
Mpls
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering ppt
 
MPLS-extra.ppt
MPLS-extra.pptMPLS-extra.ppt
MPLS-extra.ppt
 
MPLS
MPLSMPLS
MPLS
 
Switching systems lecture8 mpls
Switching systems lecture8 mplsSwitching systems lecture8 mpls
Switching systems lecture8 mpls
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - Basic
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
 
QOS of MPLS
QOS of MPLSQOS of MPLS
QOS of MPLS
 
J010136172
J010136172J010136172
J010136172
 
MPLS.pptx
MPLS.pptxMPLS.pptx
MPLS.pptx
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switching
 

More from idsecconf

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfidsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...idsecconf
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfidsecconf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...idsecconf
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...idsecconf
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfidsecconf
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...idsecconf
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidadaidsecconf
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullahidsecconf
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaidsecconf
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwiantoidsecconf
 

More from idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdf
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Mpls hacking security Myth

  • 1. MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network gcsf@nowhere
  • 2. WHY?  TELCO Technology? Industry, Community, Academic?  Ask Others to also share their high quality research  Taking Indonesian Hacking Scene to The Higher Level (?)
  • 3. MPLS?  MPLS is routing mechanism in high-performance network backbone  Route the data traffic from a node to the next node based on short path labels  Avoiding complex forwarding mechanism in routing table  Operate in between layer 2 and layer 3 (OSI model), taking advantage on the layer 2 switching performance and layer 3 routing scalability  MPLS Architecture is very well written on RFC 3031
  • 4. MPLS Terminology?  Label Distribution Protocol (LDP)  Label Switched Path (LSP)  Label Switching Router (LSR)  Label Edge Router (LER) / MPLS Edge Node  Virtual Routing & Forwarding (VRF)  CE/PE/P Router  MORE? (We only describe terminology used in this document)
  • 6. MPLS Usage  Virtual Private Routed Network (VPRN) – L3VPN  Virtual Private LAN Service (VPLS) – L2VPN  Virtual Leased Line (VLL)  Traffic Engineering  In order to limit this presentation, we will only discuss L3VPN
  • 8. Myth - MPLS Hacking & Security?  Provider Edge (PE) router  Encryption support  Traffic Sniffing  MPLS Label  Label Distribution Protocol  Border Gateway Protocol REFERENCE : ERNW.DE
  • 9. PE Router • Usually to be shared among customers • Multiple CE router from multiple customers is connected to the single PE router • Still, the security relies on the trust model of provider private network • Missing configuration of PE router? (E.G: Mgmt Access) • A customer sending crafted packet to PE to deny services
  • 10. Encryption Support  MPLS doesn’t provide encryption mechanism  Encryption of traffic in core telco relies on the encryption mechanism of higher OSI level  The security relies on the trust model of provider private network  There are some appliance that can be used to help the traffic encryption (Eg: SafeNet, Senetas)  IPSEC over MPLS?
  • 11. Traffic Sniffing?  P/PE Router?  Remember, by default no encryption support!  Cisco Embeded Packet Capture (EPC)  Cisco “debug packet” with hiden option “dump”  Juniper “set forwarding-options packet-capture”  Port Mirroring is commonly used  Appliance is also commonly used (E.g: VSS, NetOptics)  DPI? LI?
  • 13. MPLS Label • Injection of labeled traffic from customer CE router – RFC 2547, labeled traffic from non trusted sources must be discarded • Injection of labeled traffic from Internet – Again RFC 2547, labeled traffic from non trusted sources must be discarded • MPLS label rewriting in MPLS backbone – Possible, can be reproduced in the Lab, hard (impossible?) to implement in the real backbone
  • 14. MPLS Label Rewrite  MPLS, as previously stated, use label to forward traffic  VRF “Black” & “Blue” in PE, store routing table virtually separated, hence overlap network between Bank “Black” & Bank “Blue” can be forwarded correctly  Bank “Black” can only communicate with Bank “Black” using VRF Black  Bank “Blue” can only communicate with Bank “Blue” using VRF Black
  • 15. MPLS Label Rewrite  Someone in “Man In The Middle” position between PE1 & PE2 can rewrite the MPLS Label  Whoever they are, they can redirect traffic so Bank “Black” can communicate with Bank “Blue”  Bank “Black” has overlap network with Bank “Blue”  Hence, VRF “Black” and “Blue” has same routing entry  Attacker change label for traffic PE1 to PE2 with 21 & PE2 to PE1 with 15 (see table)  PE2 only know that traffic from PE1 with label 21 is for Bank “Blue”  PE1 only know that traffic from PE2 with label 15 is for Bank “Black”  Bank “Black” can communicate with Bank “Blue”  Reproduce in lab, hard (impossible?) in real MPLS network
  • 16. Label Distribution Protocol • Protocol used by MPLS routers to exchange label mapping information • UDP 646 for Hello, TCP 646 for establishing LDP Session • Two MPLS routers that established LDP session called LDP Peers • Exchange of information (advertisement) is bi-directional between LDP Peers • Very well documented on RFC 5036 LDP Session Establishment (SRC: Wikipedia)  Discovery Message  Session Message  Advertisement Message  Notification Message
  • 17. LDP Message Injection • LDP is used to maintain LSP databases that are used to forward traffic through MPLS Network • How if someone can inject label mapping message to LSR? • Attacker needs access to the MPLS backbone so he can: 1. Announce & maintain the presence of LSR (Hello/Discovery Message) 2. Establish & maintain LDP session (Session Message) 3. Send advertisement with label mapping message & change label database to redirect the traffic  • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
  • 18. Border Gateway Protocol • MP-BGP, in MPLS network, usually runs between PE router • It is used to route network which their routing table is in VRF • Attacker needs access to MPLS backbone either for: – Intercept & tamper initial MP-BGP exchange OR – Withdraw routes & insert new one (BGP Update with spoofed NLRI) • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
  • 19. AN EXAMPLE PROVIDED BY LOKI PROJECT/ERNW.DE  MPLS (We Only Use This For The Document) ◦ LDP, MPLS Label Rewrite  ROUTING ◦ RIP, OSPF, EIGRP, BGP  HOT-STANDBY ◦ HSRP, HSRPv2, BFD, VRRP, VRRPv3  ARP  Spoofing, MAC Flooding  ICMPv6  DOT1Q  TCP-MD5
  • 20. DEMO