[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: hitb cinema :: lock picking village :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Conference Materials: http://conference.hitb.org/hitbsecconf2007kl/materials/

Official Photos: http://photos.hitb.org

Dror-John Roecher (Senior Security Consultant, ERNW GmbH)

Filed under: Main Page — Administrator @ 9:40 pm

Presentation Title: Attacking Cisco Network Admission Control – NAC@ACK
Presentation Details:

The last two years have seen a big new marketing-buzz named “Admission Control” or “Endpoint Compliance Enforcement” and most major network and security players have developed a product-suite to secure their share of the cake. While the market is still evolving one framework has been getting a lot of market-attentiont: “Cisco Network Admission Control”. NAC is a pivotal part of Cisco’s “Self Defending Network” strategy and supported on the complete range of Cisco network- and security-products. From a security point of view “NAC” is a very interesting emerging technology which deservers some scrutiny. The Cisco NAC solution contains two major design-flaws which enable us to hack (at least) two of the three different variants using some kind of “posture spoofing attack”. We will demonstate code & tool for posture spoofing in Cisco NAC secured networks.

About Dror

Dror has enjoyed working with Cisco stuff for more than eight years and is usually busy assessing the security of enterprise networks and data-centers. He works as a senior security consultant for germany-based ERNW GmbH all over Europe and has published multiple whitepapers on security-related topics. He is a seasoned speaker and enjoys sharing his experience with his audience. The last two years have seen him develop additional points of interests including Mobile Security [he simply loves to play around with all the newest funky gadgets] and Endpoint Security - but at the heart he still is a networker.

** Presenting with Michael Thumann

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Microsoft Corporation

Gold Sponsors


Official Airline Partner

Internet Bandwidth Sponsor

Global Transit

CTF Sponsor

Scan Associates

CTF Prize Sponsor

Scan Associates

Sponsor for Zone-H/HITB Hacking Challenge


HITB Cinema Sponsor

Avenuz Sdn. Bhd.

Official Creation Station

The Womb.com

Our Speakers are Supported By

F-Secure Corporation

Arbor Networks


Bellua Asia Pacific


Mozilla Corporation

Mu Security

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations

Chaos Computer Club

ISECOM - Insititue for Security and Open Methodologies


IT Underground

X-Focus China

Zone-H Defacement Mirror

Xatrix Security

Special Interest Group in Security & Information InteGrity Singapore