Ubiquiti network gear has become a favorite among tech enthusiasts. Unfortunately, various Ubiquiti products have had some serious vulnerabilities in recent history, and like most products, there are deployment decisions that can dramatically reduce the security of the network. There are even features that can provide shell access to the network from the internet. Listen in as we discuss how to go from zero access from the Internet to a root shell via Ubiquiti gear. We'll also explore methods to weaponize the Unifi APs and Unifi Cloud Key devices to for use as attack platforms.

Jon is the Founder and Principle Consultant of Fundamental Security, a small consulting firm focused on penetration testing, incident response, and strategic security consulting. He started working with technology in High School as a student of the Cisco Networking Academy, and has focused on Information Security since 2006. He has performed security engineering, security architecture, incident response, and penetration testing in the government, retail, insurance, and financial sectors. He has managed a team of Penetration Testers at a Fortune 500 financial institution, and served as a Security Architect and Penetration Tester for an international Fortune 500 retailer. Jon also travels the country as an instructor for the SANS Institute. Currently, he teaches two of SANS’s seminal courses, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC560: Network Penetration Testing and Ethical Hacking. He is proud to have served in the Army Reserve for 11 years, where he became a Warrant Officer and served one tour in Afghanistan. He currently maintains the GCIH, GPEN, GAWN, GMOB, CISSP, and Security+ certifications.

@flkapaket

Back to Derbycon 2018 video list