µMIMOSAWRITERROUTER: Abusing EPC on Cisco Routers to Collect Data

The goal of this talk is present a way to abuse a default feature of Cisco routers to configure a remote sniffer using the EPC feature.

No 0day, no tclsh, just a new approach to abusing this feature without any additional requirements.

We abused EPC further and built a system to collect massive amounts of data and store them for analysis. The PoC developed uses multiple Cisco routers configured to send their data traffic (input, output or both) to our repository where  we are able to start the process to transform the raw data and extract things like user credentials, pre-shared key keys, URLs etc. During HITB we will release a tool to automate this process for the both cases – regular penetration tests or for massive data collection.

Location: Track 1 Date: May 29, 2015 Time: 2:00 pm - 3:00 pm Joaquim Espinhara Rafael Silva Download Presentation Materials