PreAuth RCE Chains on an MDM: KACE SMA

Presented at DEF CON 30 (2022), Aug. 14, 2022, noon (45 minutes)

MDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an “instant win” target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.

Presenters:

• Jeffrey Hofmann - Security Engineer at Nuro
  Jeffrey Hofmann is a Security Engineer at Nuro who loves to do security research both on and off the clock. He has a background in penetration testing and a passion for exploit development/reverse engineering.

Links:

• https://forum.defcon.org/node/242210
• https://infocon.org/cons/DEF CON/DEF CON 30/DEF CON 30 video and slides/DEF CON 30 - Jeffrey Hofmann - PreAuth RCE Chains on an MDM - KACE SMA.mp4
• https://infocon.org/cons/DEF CON/DEF CON 30/DEF CON 30 video and slides/DEF CON 30 - Jeffrey Hofmann - PreAuth RCE Chains on an MDM - KACE SMA.srt (subtitles)
• https://www.youtube.com/watch?v=vPVtC7VHEmU

Similar Presentations:

• Black Hat USA 2011 / Inside Apple's MDM Black Box
• Black Hat USA 2018 / A Deep Dive into macOS MDM (and How it can be Compromised)
• Black Hat USA 2014 / Mobile Device Mismanagement