Do Not Trust the ASA, Trojans!

Presented at DEF CON 30 (2022), Aug. 13, 2022, 1:30 p.m. (45 minutes).

Cisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet it’s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.

In this talk, new vulnerabilities affecting the Cisco ASA will be presented. We’ll exploit the firewall, the system’s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewall’s trustworthiness.

The talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.


Presenters:

  • Jacob Baines - Lead Security Researcher, Rapid7
    Jacob Baines is a Lead Security Researcher at Rapid7 and a member of the Emergent Threat Response team. As part of his daily duties, Jacob conducts n-day and zero-day vulnerability research on important or impactful systems. He particularly enjoys sharing findings with the security community and developing Metasploit exploits. Jacob has been active in the Security field for well over a decade. He’s held positions as a developer, reverse engineer, and vulnerability researcher. As a vulnerability researcher, Jacob has had the good fortune to publish and present his research which varies from embedded system exploitation, web application attacks, and Windows vulnerabilities.

Links:

Similar Presentations: