Blackhat USA2023:Diving into Windows Remote Access Service for Pre-Auth Bugs(@guhe120)
Highlights of This Session
✔ Windows RAS VPN components
✔ Examples of pre-auth remote bugs & bug patterns in windows RAS
✔ Not only result but also approach & thoughts during the research
✔ Windows bounty experience
❌ Exploiting details of the bugs is beyond the scope
A walk through of a bug hunting project
Agenda
⚫ Background
⚫ Windows Remote Access Service
⚫ PPTP
⚫ Authentication Protocols
⚫ SSTP
⚫ L2TP
⚫ IKE
⚫ Future Work & Take Aways
评论0次