Everything Old is New Again

Presented at THOTCON 0x4 (2013), April 26, 2013, 4 p.m. (25 minutes).

A lot of talks focus on the shiny new tech (*cough* Android *cough*). It’s understandable. If as a researcher you find 0day in this month’s latest hot technology you are almost certainly getting press coverage, which means either your salary / day rate is increasing, or you are getting a better job. Sadly, so-called ‘legacy’ technology is often ignored (it certainly isn’t mentioned much in most talks or books). Organisations that provide critical infrastructure do not ignore legacy technology, and neither should any penetration tester that claims to know their craft. This talk will look at some of the more often ignored legacy systems, and how to assess them without knocking over huge chunks of an internal estate. Topics covered will include AS400, why RFI still works, VMS, PBX, X.25, SCADA PLCs, and all manner of ‘old’ stuff you can find deployed in the real world. There will be no *significant* 0day (although the author does have some juicy details on SCADA systems and PLCs), but attendees will hopefully come away fired up and wanting to play with some old school tech.

Presenters:

  • Mike Kemp
    Michael is an experienced UK-based security consultant, with a specialization in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs (which he really has no choice in as he set it up). When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Hawaii, New York, Los Angeles, Warsaw, Prague, Holland, Zagreb, Krakow, Quebec, and London (on subjects as diverse as virtualisation, malware, and why the government sucks), and is always keen to embarrass himself in new and exotic locales.
