
PreAuth RCE Chains on an MDM - KACE SMA


Formal Metadata

Title
PreAuth RCE Chains on an MDM - KACE SMA
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
MDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an “instant win” target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.
Transcript: English (auto-generated)