Simon Clow presents at CRESTCon
Modern computing systems implement a variety of remotely accessible, instrumented management interfaces. As professional penetration testers it is important to understand the native capabilities of such interfaces, the security consideration of offering access and the techniques used to interact with and exploit the interface.
This talk reviews common remote management interfaces and identify their effect on a systems security posture. It starts by reviewing the most common technologies, then after establishing a common framework of understanding; looks at the security implications of each technology highlighting common "hidden features".
Within the final phase, this presentation reviews typical testing actions.