BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Private Keys in Public Places\n   When: Friday\, Aug
  11\, 13:30 - 14:15 PDT\n   Where: Caesars Forum - Forum - 105\,135\,136 -
  Track 1 - [1]Map\n\n   SpeakerBio:Tom Pohl\, Principal Consultant and th
 e Penetration Testing\n   Team Manager at LMG Security\n   Tom Pohl is a P
 rincipal Consultant and Penetration Testing Team\n   Manager at LMG Securi
 ty. Prior to LMG\, he has spent most of his career\n   on the blue team bu
 ilding and securing systems used by millions of\n   people. And by night\,
  he is a competitive CTF player and has won\n   several black/gold badges 
 including THOTCON\, Circle City Con\, Wild\n   West Hackin’ Fest and DEF
  CON. He is good at what he does because\n   he’s already made many of t
 he mistakes that he encounters in client\n   environments on a daily basis
 .\n\n   Description:\n   Firmware and software binaries are littered with 
 private keys\,\n   legitimate CA-blessed certificates\, and encryption key
 s—but hardly\n   anyone notices. These secrets are often obfuscated or o
 therwise hidden\n   in ways that weren’t intended to be found. I’ll sh
 ow three\n   real-world examples from popular manufacturers (Netgear\, For
 tinet and\n   Dell)\, and demonstrate techniques for uncovering them. In t
 he most\n   extreme example\, an adversary can use an obfuscated key to ga
 in access\n   to any customer’s vCenter environment.\n\n   I’ll start 
 with a straightforward look at Netgear firmware and show\n   methods for d
 iscovering private keys in PEM-encoded text files.\n   We’ll dig into th
 e Fortinet firmware\, which contained custom\n   obfuscated archive files\
 , and show how to extract Apple- and Google-issued\n   certificates and
  I will also show that 3-year-awaited “fix”\n   did not adequately
  solve the issue.\n\n   Finally\, I’ll dig into the worst case: a
  static AES encryption key\n   within Dell software used to connect to
  vCenter. I'll demonstrate how to\n   retrieve\, decompile and use a
  static AES key which will decrypt\n   vCenter credentials. The key is
  the same for EVERY customer. This has\n   not been talked about
  anywhere publicly.\n\n   I’ll conclude by discussing the importance
  of developer training\,\n   proper key manage
 ment\, and (above all)\, identifying and eliminating\n   this systemic pra
 ctice.\n\n   REFERENCES\n\n           * [2]https://starkeblog.com/netgear/
 tls/private-key/2020/01/19/netgear-signed-tls-private-key-disclosure.html\
 n             - Nick Starke and Tom Pohl\n\n           * [3]https://www.fo
 rtiguard.com/psirt/FG-IR-20-014 - Tom Pohl\n\n   '\n\n   1. #CaesarsForumB
 R\n   2. https://starkeblog.com/netgear/tls/private-key/2020/01/19/netgear
 -signed-tls-private-key-disclosure.html\n   3. https://www.fortiguard.com/
 psirt/FG-IR-20-014\n\n\n
DTEND:20230811T211500Z
DTSTART:20230811T203000Z
LOCATION:DC - Caesars Forum - Forum - 105\,135\,136 - Track 1
SUMMARY:Private Keys in Public Places
END:VEVENT
END:VCALENDAR
