Below are the slides that I’ve presented at the OWASP Benelux day 2013 (Amsterdam). It covers partial results of my research about Managed Antivirus software, especially how I’ve chained multiple McAfee ePolicy Orchestrator bugs and weaknesses in order to compromise both the ePO server(s) and the managed stations. This is how ePolicy 0wner tool was born.
Thanks to the audience and the staff ! It was a very pleasant moment :-)
References:
- https://kc.mcafee.com/corporate/index?page=content&id=sb10042
- http://www.kb.cert.org/vuls/id/209131
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0140
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0141
Enjoy!
Note: There is a rating embedded within this post, please visit this post to rate it.
© 2013 – 2015, Fun Over IP. All rights reserved.