Baptiste David

Speaker

Designation :

IT security specialist, ERNW


Talk Title :

Security journey in French Network Access Controller


Abstract :

Network access controllers (NAC or Captive Portals) are used to filter and to control the users having access to an open network on the Web. They are usually used to manage open Wi-Fi access points that anyone may interface everywhere (hotel, train, school, company) but not only. In this presentation, we see the general security of such tools and how part of it can be bypassed. Also, we focus on a specific NAC, called Alcasar. This French open-source NAC software presents several vulnerabilities than can be exploited to take control of the NAC, fake authentication and to retrieve users’ cleartext passwords. This talk is the illustration of many vulnerabilities used to bypass a security product. It also provides an overview on the last version, adding details about what has been corrected and what can still be improved...

Bio :

Dr. Baptiste David is an IT security specialist at ERNW, specialized in Windows operating system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operating system platform, kernel development and vulnerabilities research. He also worked for couple of antivirus compagnies. He has given special courses and trainings in different universities in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…