Keynote - NAT Pinning: bypassing routers/firewalls via web+NAT abuse

Presented at ShellCon 2019, Oct. 12, 2019, 9 a.m. (50 minutes).

This talk will go over a new tool I'm releasing, NAT Pinning v2. NAT Pinning allows an attacker to remotely access any TCP/UDP services bound on a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. It uses multiple techniques to be cross-platform, cross-browser, and multi-protocol. Some areas we'll cover:

NAT (Network Address Translation)

Router Investigation

Firmware Dumping

Reverse Engineering Firmware

Network Protocol Investigation

Browser Protocols

Timing Attacks


Presenters:

  • Samy Kamkar
    Samy Kamkar is an independent security researcher, sometimes known for creating The MySpace Worm, one of the fastest spreading viruses of all time. His open source software, hardware, and research highlight the insecurities and privacy implications in everyday technologies, from the Evercookie, which produces virtually immutable respawning cookies, to SkyJack, a drone that wirelessly hijacks and autonomously controls any other drones within wireless distance. His work has been cited by the NSA, triggered hearings on Capitol Hill, and has been the basis for security advancements across major web browsers, smartphones, and vehicles.

Links:

Similar Presentations: