Exploiting F5 BIG-IP: Deconstructing This Simple But Deadly RCE
Whether you use F5 products or not, CVE-2020-5902 is still an important vulnerability to understand because you certainly use other products that share the same vulnerable components as the F5 BIG-IP products. There are a ton of lessons to be learned from this exploit that can be applied broadly. One lesson in particular is that we really should assume that all products we use harbor the same secure coding violations that underlie CVE-2020-5902 and take pre-emptive action to limit risk.
In this webinar, our own Director of Cyber Threat Research, Kev Breen, joins the experts at Ultimate Windows Security and Randori to deconstruct CVE-2020-5902, and provides a hands-on demo of our lab covering this same vulnerability.
Topics covered include:
- How the exploit works
- How Java and Apache fit into the vulnerability
- How to use the exploit to download or upload files or run arbitrary shell commands
- Why products like F5’s BIG-IP contain such simple but powerful security holes
- How following best practices like attack surface management works
- And more