Hacking Cisco NAC – NACATTACK

At Black Hat Europe 2007 Dror-John Roecher and Michael Thumann showed how they were able to hack the Cisco NAC solution by exploiting a fundamental design flaw. In this video they illustrate how they worked towards this discovery and give us some exploit details. It is not their intention to simply release a tool, they want the audience to understand how Cisco NAC works and why it is not as secure as Cisco wants us to believe. For more security-related material visit www.net-security.org


Diamond Dave is the owner and site coordinator of Blackhat world . Most SEO experts knew that this website is a good source of black hat seo techniques. Little that they know, this website is all about good SEO and making money online.  Diamond Dave is the owner and site coordinator of www.Blackhatworld.com (BHW). Most webmasters and internet marketing experts know and follow all the latest Search Engine Optimization (SEO) techniques on the internet at BHW. In fact, Blackhat World is not only the #1 website on the internet for cutting edge Search Engine Optimization methods it is the No 1 "authority" site. Some of the topics discussed on BHW include but are not restricted to: Outsourcing, Blogging, email marketing, Social Networking, Google Adsense and Google Ad words, hiring freelancers, webmaster tools and many more categories and subjects of interest. In addition, BHW is a great resource for beginners (newbies) and seasoned veterans. Read more from this author


10 Responses to “Hacking Cisco NAC – NACATTACK”

  • phillyfunnyguy:

    Cisco support has gone down the tubes. I remember calling sales and getting someone who actually could help. Now They are refusing to support Vista with my Pix firewall VPN, I need remote logon for my domain. (SBL) They did everything (including blaming Micrsoft) not to fix my problem. I would expect more out of Cisco then to make a client that only Half works for vista. No plans to make it right, very lame….

  • clotfy:

    Cisco mainly positions its NAC appliance solution which is widely deployed and is a very reliable solution and not the NAC framework mentioned. If the hacking was truly done, how come they did not demo it? and how come they did not talk about other vendors?
    Seeing is believing: anybody can talk and claim that they hacked any system and if there is no concrete proof and clear explanation of how testing was done and proper analysis and explanation of results, this information is simply worthless

  • tsudohn1mh:

    Thanks for posting this video. I got to meet these guys at BH America and I have to say their work is amazing. The research and reverse engineering work alone seemed overwhelming and the hack was brilliant. Thanks for the vid.

  • splintcer:

    An in all honesty, most (if not all) NAC technologies out there suffer from a similar type of flaw. As rightly said at the begining, you are asking an end-device for posture information, which quite frankly can be spoofed – in some cases easily, in other cases not so easily.

  • Madowstone:

    if this would be the only flaw on the cisco devices I would be the gladest man in the world.

  • masterdanoz:

    Yer solid effort indeed. Smartasses :)

  • Webmast84:

    Great video guys!

  • eneasquintero:

    I never saw anything but two guys talk, demo anyone?

  • Dooobs:

    Very intresting, I do a little bit of reverse engineering myself and it is a lenghty process.

    So grats to these guys.

  • ha5h:

    DUDE you rock….
    i need your help :)

    Diamond Dave is the owner and site coordinator of www.Blackhatworld.com (BHW). Most webmasters and internet marketing experts know and follow all the latest Search Engine Optimization (SEO) techniques on the internet at BHW. In fact, Blackhat World is not only the #1 website on the internet for cutting edge Search Engine Optimization methods it is the No 1 "authority" site. Some of the topics discussed on BHW include but are not restricted to: Outsourcing, Blogging, email marketing, Social Networking, Google Adsense and Google Ad words, hiring freelancers, webmaster tools and many more categories and subjects of interest. In addition, BHW is a great resource for beginners (newbies) and seasoned veterans.
Ads
Amazon.com
SeNuke.com
Tags
CATEGORIES
Translator