At @defcon, @eAyeP and @ravenousbytes debuted 9 CVEs affecting power management and supply technology in power centers, kicking off a new series investigating vulns impacting data centers.
Curious how the CVEs work together to allow full system access? Watch and learn. 🧵⬇️
@attritionorg @Trellix All CVSS scores are v3.1, I have attached the strings here for clarity.
CVE-2023-3259 - 9.8 - AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-3260 - 7.2 - AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2023-3261 - 7.5 - AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Data centers are vital infrastructure and a high value target for threat actors. Our team is investigating power management & supply technologies to expose and prevent new attacks. @eAyeP & @ravenousbytes discuss 9️⃣ vulns we discovered on the blog. https://t.co/u2AmkyzO0z
#DEFCON2023 Come check out @ravenousbytes and me presenting 9 0-days we found in 2 data center power management targets! 🤘😈 #hacktheplanet
Title: Power Corrupts; Corrupt It Back! Hacking Power Management in Data Centers [Sat 08/12 14:00 - Track #4]
When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key
NEW RESEARCH FROM @eAyeP, @Abraxus7331 & @fulmetalpackets https://t.co/0PhyTBtRoT
So awesome lugging this massive door around to all the stages in Vegas! Haha also clearly @spovolny is prettier as they cut all my interview sections out 🥲
.@eAyeP and I spoke with DefCon film crew recently backstage - short interview here! Sam completed the vast majority of the technical heavy lifting for this project, so major props to him! https://t.co/kXbG4Vtumk
@falcnix thanks for pointing this out. The last video should be up there now!
I am so glad you are enjoying the series. Our team has plans to do more of these in the future so keep an eye out!
Check out part one of our blog hacking the HID Mercury access controller! This first part covers how we got root access on the controller and a deep dive into the hardware hacking process. https://t.co/WXtVFb38cc
See you all tomorrow at 1:30p @ South Seas AB (level 3) for my talk about eBPF for Windows! There will be vulns and discussion of the capabilities and design of the current Windows eBPF implementation!
@corintxt @defcon @spovolny and I will have a full access control system + door setup at @defcon for our talk "Perimeter breached! Hacking an Access Control System". If you want to hack the Linux controller with our one-click exploit written in Python, let's find some time!
That being said, I'm super excited to be speaking at the @DC_HHV about M32C reversing (Friday @ 1pm) and practicing my goth dance moves at @dcgothcon (Friday night!) 🕺🦇
Also Saturday should be lots of fun. Looking forward to my colleagues @spovolny and @eAyeP's kickass talk on hacking HID Mercury access control panels (Sat 3:30p Track 4) https://t.co/9AJsqep8uV
Woot woot! Let's hack the planet y'all 🤘😃🤘