The document discusses vulnerabilities in VNC implementations that allow unauthenticated access. It notes that a scan of the internet found over 335,000 VNC servers, with around 8,000 having no authentication. This lack of authentication allows attackers to access and "pivot" into internal networks. The document provides statistics on different VNC protocol versions found and describes exploits that could allow compromising devices to access additional internal systems through insecure VNC implementations and proxies.
2. Stargate: pivoting through VNC to own internal networks
@ydklijnsma: Yonathan Klijnsma. Shodan professional, VNC voyeur, watches attackers and contemplates their motives.
@Viss: Dan Tentler. Dark overlord of Shodan, VNC voyeur, security guy with a security company.
3. Shit on the internet is getting pretty bad….
Welcome to the internet - we shall be your guides
14. Everything is being invented again
- They have Wifi
- They have telnet
- Nobody added authentication
- There is actually a CVE for not having authentication
- WHAT.
15. They aren’t getting it, hackers are having fun.
16-18. Besides ancient industrial devices we see new ‘toys’
19. German 'Sonnenbatterie' solar-cell power storage systems
27. Let's look at some statistics for VNC
Decided to scan the globe (with some Shodan help) for the RFB protocol header. It came back with 335K~ results, of those there are 8K~ which use no authentication.
28. Let's look at some statistics for VNC
[Bar chart of the RFB protocol versions seen in the scan, horizontal axis 0 to 160000. Versions on the chart: RFB 002.000, 003.002, 003.003, 003.004, 003.005, 003.006, 003.007, 003.008, 003.010, 003.016, 003.033, 003.039, 003.043, 003.130, 003.236, 003.889, 004.000, 004.001, 005.000, 009.123, 009.221, 009.963, 103.006.]
These should not exist?!
29. Let's look at some statistics for VNC
[Bar chart of RFB protocol versions, RFB 002.000 through RFB 103.006, horizontal axis 0 to 160000, annotated with the labels: Apple remote desktop, RealVNC Personal, RealVNC Enterprise, ?]
30. Let's look at some statistics for VNC
[Bar chart of RFB protocol versions, RFB 002.000 through RFB 103.006, horizontal axis 0 to 160000.]
Something else was responding with “RFB 000.000”
3.5K somethings named ‘RealVNC repeaters’.
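The statistics slides rest on two handshake fields: the 12-byte RFB version banner and the security types the server offers. The following is an added example, not code from the talk or the authors' repository: it audits banners already collected from your own hosts, flagging the "RFB 000.000" repeater banner, versions outside RFC 6143, and servers offering security type None. The host names, sample bytes and function names are constructed, and it assumes the collector negotiated the version the server announced.

```python
import re
import struct

# Versions published in RFC 6143; any other banner is vendor-specific.
STANDARD_VERSIONS = {(3, 3), (3, 7), (3, 8)}
REPEATER_VERSION = (0, 0)        # "RFB 000.000", the repeater banner named on the slides
SEC_NONE = 1                     # RFC 6143 security type "None" (no authentication)

BANNER_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_banner(data: bytes):
    """Return (major, minor) from the 12-byte ProtocolVersion message, or None."""
    m = BANNER_RE.fullmatch(data[:12])
    return (int(m.group(1)), int(m.group(2))) if m else None


def security_types(version, msg: bytes):
    """Decode the security message the server sent after the version exchange."""
    if version >= (3, 7):
        # 3.7 and later: one count byte, then one byte per offered type.
        count = msg[0] if msg else 0
        return list(msg[1:1 + count])
    if len(msg) >= 4:
        # 3.3: the server picks a single type and sends it as a big-endian uint32.
        (chosen,) = struct.unpack(">I", msg[:4])
        return [chosen] if chosen else []
    return []


def audit(banner: bytes, security_msg: bytes = b""):
    """Return a list of findings for one recorded handshake."""
    version = parse_banner(banner)
    if version is None:
        return ["not-rfb"]
    if version == REPEATER_VERSION:
        # A repeater is a TCP proxy; whatever sits behind it is what matters.
        return ["repeater"]
    findings = []
    if version not in STANDARD_VERSIONS:
        findings.append("nonstandard-version")
    if SEC_NONE in security_types(version, security_msg):
        findings.append("no-authentication")
    return findings


def run_audit(inventory):
    """Map host name to findings, keeping only hosts that have any."""
    report = {}
    for host, banner, security_msg in inventory:
        findings = audit(banner, security_msg)
        if findings:
            report[host] = findings
    return report


# Constructed sample records: (host, banner bytes, security message bytes).
INVENTORY = [
    ("hmi-01", b"RFB 003.008\n", b"\x01\x01"),             # offers only None
    ("kiosk-02", b"RFB 003.003\n", struct.pack(">I", 2)),  # VNC Authentication
    ("gw-03", b"RFB 000.000\n", b""),                      # repeater banner
    ("mac-04", b"RFB 003.889\n", b"\x02\x02\x10"),         # vendor version, auth required
    ("web-05", b"HTTP/1.1 400", b""),                      # not RFB at all
]

if __name__ == "__main__":
    for host, findings in run_audit(INVENTORY).items():
        print(host, ", ".join(findings))
```
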
51. Talked to vendor
• Fixed port wrapping
• Will not enforce VNC because own product will stop working
• Will enforce whitelisting instead of blacklisting (I think)
Product will stay as it is, a plain TCP proxy without inspection.
52. I see your black/white listing but I don’t like it
curl "http://localhost/testaction.cgi?mode2=mode2&server_port=5901&viewer_port=5500&allow_on=allow_on&allow_con=&refuse_con=&id_con=&web_port=80&hidden=" -H "Authorization: Basic YWRtaW46YWRtaW5hZG1pMg=="
53. Do not run this.
We call this ‘vulnerability’ stargate, you never know where you end up :)
It's an open proxy, and can be used to pivot into environments.
54. Have fun!
Here are our (horrible) Python scripts, use at own caution and always: don’t abuse it (too much):
https://www.github.com/0x3a/stargate/
And if you manage to use this in a pentest please tell us the war-stories :D