For more than five years, firewall vendors have been under persistent, cyclical struggle against a well-resourced and relentless China-based adversary that has expended considerable resources developing custom exploits and bespoke malware expressly for the purpose of compromising enterprise firewalls in customer environments. In this first-of-its-kind presentation, Andrew Brandt will walk attendees through the complete history of the campaign, detailing the full scope of attacks and the countermeasures one firewall vendor developed to derail the threat actors, including detail into the exploits targeting specific firewalls, and malware deployed inside the firewalls as a result of these attacks. Fundamental to this presentation is the fact that the adversary behind this campaign has not targeted only one firewall vendor: Most of the large network security providers in the industry have been targeted multiple times, using many of the same tactics and tools. So this serves not merely as a warning to the entire security industry, but as an urgent call to the companies that make up this industry to collectively combat this ongoing problem. Because at the end of the day, we all face the same threat, and we cannot hope to withstand the tempo and volume of these attacks alone. We must work together.

DEF CON 34 - DEF CON Policy Announcement - Katie Noble, Heather West
5.4K views

DEF CON 33 - DisguiseDelimit: Exploiting Synology NAS with Delimiters and Novel Tricks - Ryan Emmon
11.1K views

DEF CON 33 - Browser Extension Clickjacking: One Click and Your Credit Card Is Stolen - Marek Tóth
8.5K views

DEF CON 33 - Can't Stop the ROP: Automating Universal ASLR Bypasses - Bramwell Brizendine
3.6K views

DEF CON 33 Recon Village - Building Local Knowledge Graphs for OSINT - Donald Pellegrino
5.4K views

DEF CON 33 Recon Village - Mapping the Shadow War From Estonia to Ukraine - Evgueni Erchov
6.4K views