Keynote - NAT Pinning: bypassing routers/firewalls via web+NAT abuse

Presented at ShellCon 2019, Oct. 12, 2019, 9 a.m. (50 minutes)

This talk will go over a new tool I'm releasing, NAT Pinning v2. NAT Pinning allows an attacker to remotely access any TCP/UDP services bound on a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. It uses multiple techniques to be cross-platform, cross-browser, and multi-protocol. Some areas we'll cover:

NAT (Network Address Translation)

Router Investigation

Firmware Dumping

Reverse Engineering Firmware

Network Protocol Investigation

Browser Protocols

Timing Attacks

Presenters:

• Samy Kamkar
  Samy Kamkar is an independent security researcher, sometimes known for creating The MySpace Worm, one of the fastest spreading viruses of all time. His open source software, hardware, and research highlight the insecurities and privacy implications in everyday technologies, from the Evercookie, which produces virtually immutable respawning cookies, to SkyJack, a drone that wirelessly hijacks and autonomously controls any other drones within wireless distance. His work has been cited by the NSA, triggered hearings on Capitol Hill, and has been the basis for security advancements across major web browsers, smartphones, and vehicles.

Links:

• https://2019.shellcon.io/talks/keynote/
• https://infocon.org/cons/ShellCon/ShellCon 2019/2019 Keynote NAT Pinning bypassing routers firewalls via web+NAT abuse.mp4
• https://infocon.org/cons/ShellCon/ShellCon 2019/2019 Keynote NAT Pinning bypassing routers firewalls via web+NAT abuse.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=1Ajwdb2kqWk

Similar Presentations:

• DEF CON 9 (2001) / NAT For Newbies and Not-So-Newbies: A Tutorial
• DEF CON 10 (2002) / Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof
• ToorCon San Diego TwentyOne (2019) / NAT Pinning 2.0: bypassing routers & firewalls via web+NAT abuse