Last year, during the IPv6 Security Summit at Troopers 14, Chiron, an all-in-one IPv6 penetration testing framework was released publicly for first time. Since then, the advanced features of Chiron were used to discover some 0-day evasion techniques against high-end commercial and open-source Intrusion Detection / Prevention Systems. Moreover, it was enhanced with new features, like advanced MLD support and a fake DHCPv6 server, which can be combined with its other features, like the use of arbitrary Extension Headers and fragmentation to leverage really advanced attacks. The latest version of Chiron with its new capabilities will be released for first time publicly again at Troopers. Specifically, in this workshop, after a quick refreshing to the basic capabilities of Chiron, we will focus on the advanced IPv6 functionalities that the framework offers. We will not only show how to reproduce the latest published IPv6 attacks, but moreover, how you can create your own arbitrary IPv6 attacking scenarios for your own security assessments or penetration testing purposes. For instance, we will show how the old RA Guard evasion techniques can be used by the new Chiron DHCPv6 server to evade DHCPv6 Guard too. A lab will be set up in order not only to reproduce the presented techniques, but to also try your skills and - why not - to discover your own 0-day techniques :).
No programming experience or prior knowledge of Chiron are required. Some necessary (but not very basic) IPv6 theory will also be given to better explain the demonstrated IPv6 attacks. Bring your own Linux device with Python 2.7.x installed, or your favourite Operating System with VirtualBox, and you are good to go (source code and virtual images with all what you need will be provided).
Antonios Atlasis is an IT Security researcher with a special interest in IPv6 (in)securities. His work has been presented in several IT Security conferences and it has resulted in the discovery of various IPv6-related vulnerabilities. He is the author of Chiron, an IPv6 specialized and very flexible security assessment tool.
Rafael has studied computer science with a specialization in telecommunication at the Bonn-Rhein-Sieg University of Applied Sciences (Department of Computer Science). His research interests include network and IPv6 security issues. He wrote his (highly rated) bachelor thesis on “IDS – Recognition and Validation of IPv6 Extension Header” and works as a security analyst at ERNW GmbH. He has presented on IPv6 security issues at several occasions, incl. Black Hat Sao Paulo, Black Hat Asia, Black Hat Europe, Troopers and Hack.lu.