Turning Your Weapons Against You. presented at BSidesLondon 2019

by Andrew Blane,

Summary : My talk is about using security tools setup by an organisation against itself. Specifically vulnerability scanners and NAC solutions. Generally organisations will scan host on a network without think about the consequences of doing this. Often security solutions will blindly attempt to authenticate to a host during the scanning process which can be abused by an attacker to capture credentials used by the the tool to authenticate to large number of host within the enterprise.The talk will include information on general misconfigurations in these solutions and demos of how to exploit them. There will also be a remediation section at the end.