CiscoInTheSkyWithDiamonds

More documents

Recommendations

Info

The L3 form of VSM/VEM communication is just UDP Simply flooding the UDP port 4785 with any UDP packets on either end causes the VEM to be considered offline by the VSM The heartbeat messages don’t make it through VEMs can operate independently Dynamic or configuration based changes, however, no longer get propagated
Cisco’s documentation says 128 Bit encryption, but nothing else Turns out to be AES-CBC – somewhat Using OpenSSL The key and IV are hard coded in all binaries that need to take part in STUN Key and IV are reinitialized for each frame received The HMAC is SHA1, no secret We can decrypt and encrypt traffic on the “virtual backplane” now Requirement is that we can talk to the right virtual interfaces
Page 1: Observed by Greg & FX
Page 4 and 5: 1967: First systems with IBM CP-67
Page 6 and 7: 10 GigE Virtual Switch
Page 9 and 10: Cisco Nexus Operating System (NX-OS
Page 11 and 12: This being a VMware VM, we can boot
Page 13 and 14: The N1kV requires license files to
Page 15 and 16: Let‘s see what that function does
Page 17 and 18: Exploitation is a bit tricky though
Page 19 and 20: The jailbreak script adds a user to
Page 21 and 22: Why talk about licensing? CSCud0142
Page 23 and 24: 6 bytes (12 hex chars) “signature
Page 25 and 26: We could now exercise our 1337 reve
Page 28 and 29: CDP is everywhere in Cisco land VM
Page 30 and 31: The VSM stores a set of “opaque d
Page 32 and 33: Offset Size Meaning 0x0 8 Bit Proto
Page 35: VEMs register themselves with the V
Page 39: 1. Compromise a web server in a vir
Page 42 and 43: At Phenoelit, FtR is the go-to-guy
Page 45: Our work with Cisco PSIRT goes back

CiscoInTheSkyWithDiamonds

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?