Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices скачать в хорошем качестве

Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices

Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices Presented at the VB2025 conference in Berlin, 24 - 26 September 2025. ↓ Slides: https://www.virusbulletin.com/uploads... ↓ Paper: N/A → Details: https://www.virusbulletin.com/confere... ✪ PRESENTED BY ✪ • Piotr Kijewski (The Shadowserver Foundation) ✪ ABSTRACT ✪ This talk will tell the story of how The Shadowserver Foundation has responded to many recent high-profile critical vulnerabilities such as Citrix NetScaler (CVE-2023-3519 etc), Cisco IOS XE device implants (CVE-2023-20198), Fortinet Fortigate (CVE-2024-23113), Palo Alto PanOS (CVE-2024-0012) etc., and others affecting tens of thousands of organizations globally. This includes how we worked on new vulnerability scans on an internet scale to be able to quickly detect exposed, vulnerable or compromised instances and understand the scale of each incident. It will also cover how we improved our attack detection signatures and utilized our global honeypot sensor network to be able to quickly detect exploitation attempts and help identify webshells on compromised or incompletely remediated devices. All information gathered was then quickly disseminated to the affected parties, their national CSIRTs, and law enforcement (where appropriate) via our free remediation feeds. None of that would be possible without close collaboration with multiple partners who provided a lot of information observed "on-the-ground", which we could combine with our own data collection mechanisms to maximize remediation effects. We will cover the lessons learned from this collaboration, which will hopefully allow for even more effective response from the community in future incidents.