One tool to rule them all - and what can it lead to

March 16, 2016 (at 5 p.m.)

Think about managing your servers with an automated tool. Eliminate complexity and perform administrative tasks on remote machines in couple of clicks - this requires considerable trust in all the components of such solution. What could go wrong?

When working on my master thesis related to security assessment of black-box client-server applications, I needed a real system to test. We gained access to a software solution allowing remote administration of a broad range of server environments with one tool.

In this talk we will disclose some of the vulnerabilities we have found. This includes a way to compromise the systems in a managed environment by bypassing authentication and performing such unauthorized actions as remote password change.

Olga Yanushkevich

Olga is currently working as a penetration tester at ERNW GmbH. She has recently written her master thesis on security assessment of black-box client-server applications and continues research in this area.