Presentation Title: Attacking Cisco Network Admission Control – NAC@ACK
Presentation Details:

The last two years have seen a big new marketing-buzz named “Admission Control” or “Endpoint Compliance Enforcement” and most major network and security players have developed a product-suite to secure their share of the cake. While the market is still evolving one framework has been getting a lot of market-attentiont: “Cisco Network Admission Control”. NAC is a pivotal part of Cisco’s “Self Defending Network” strategy and supported on the complete range of Cisco network- and security-products. From a security point of view “NAC” is a very interesting emerging technology which deservers some scrutiny. The Cisco NAC solution contains two major design-flaws which enable us to hack (at least) two of the three different variants using some kind of “posture spoofing attack”. We will demonstate code & tool for posture spoofing in Cisco NAC secured networks.

About Michael

Michael Thumann is Chief Security Officer and head of the ERNW “Research” and “Pen-Test” teams. He has published security advisories regarding topics like ‘Cracking IKE Prshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas - a Cisco Password Cracker’, ‘ikeprobe - IKE PSK Vulnerability Scanner’ or ‘dnsdigger - a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) german Pen-Test Book that has become a recommended reading at german universities.

In addition to his daily pentesting tasks he is a regular conference-speaker and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level.

** Presenting with Dror-John Roecher