DEF CON 31 - Defeating VPN Always On - Maxime Clementz

preview_player
Показать описание
VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled.

We will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by untrusted networks.
  1. DEFCONConference
  2. DEF
  3. CON
  4. DEFCON
  5. DEF CON
  6. hacker conference
Рекомендации по теме
DEF CON 31 0:40:07

DEF CON 31 - Defeating VPN Always On - Maxime Clementz

DEF CON 31 0:37:23

DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan - byt3bl3...

DEF CON 31 0:42:19

DEF CON 31 - Smashing the State Machine the True Potential of Web Race Conditions - James Kettle

DEF CON 31 0:44:37

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe Slowik

DEF CON 31 0:37:01

DEF CON 31 - Physical Attacks Against Smartphones - Christopher Wade

DEF CON 31 0:46:03

DEF CON 31 War Stories - The Risks of Pointing Out the Emperor is Buck Naked - Renderman, Tom Dang

DEF CON 31 0:19:54

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn

DEF CON 31 0:23:23

DEF CON 31 - Snoop On To Them, As They Snoop On To Us - Alan Meekins

DEF CON 31 0:40:08

DEF CON 31 Defeating VPN Always On Maxime Clementz

DEF CON 31 0:00:17

DEF CON 31 Hack the Box Interview

DEF CON 31 0:41:59

DEF CON 31 - Runtime Riddles - Abusing Manipulation Points in the Android Source - Laurie Kirk

DEF CON 31 0:34:09

DEF CON 31 War Stories - A Series of Unfortunate Events - Ben Sadeghipour, Corben Leo

DEF CON 31 0:43:28

DEF CON 31 War Stories - Nuthin But A G Thang Evolution of Cellular Networks - Tracy Mosley

Policy @ DEF 0:04:16

Policy @ DEF CON 31

DEF CON 31 0:42:47

DEF CON 31 - Badge of Shame Breaking into Secure Facilities with OSDP -Dan Petro, David Vargas

DEF CON 31 0:45:57

DEF CON 31 - Advanced ROP Framework Pushing ROP to Its Limits - Brizendine, Kusuma

DEF CON 31 0:39:49

DEF CON 31 - Ringhopper - How We Almost Zero day’d the World - Benny Zeltser, Jonathan Lusky

DEF CON 31 0:39:44

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep Rodriguez

DEF CON 31 0:44:24

DEF CON 31 - Exploring Linux Memory Manipulation for Stealth and Evasion - Polop, Gutierrez

DEF CON 31 0:37:57

DEF CON 31 - Unlocking Doors from Half a Continent Away - Trevor Stevado, Sam Haskins

DEF CON 31 0:40:22

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts

DEF CON 31 0:26:56

DEF CON 31 Recon Village - Jason Haddix - Easy EASM The Zero-Dollar Attack Surface Management Tool

DEF CON 31 0:44:25

DEF CON 31 - Vacuum Robot Security & Privacy Prevent yr Robot from Sucking Your Data - Dennis G...

DEF CON 31 0:43:39

DEF CON 31 - A Pain in the NAS Exploiting Cloud Connectivity to PWN your NAS - Moshe, Brizinov

Комментарии
Автор

you had be hooked at "Hello everyone, I'm very happy to be there"

domnovoi