Caught in the FortiNet: Compromising Organizations Using Endpoint Protection

Fortinet is a prominent cybersecurity company that offers a wide range of products designed to protect organizations from various threat actors. Among these, their endpoint protection solution is often considered a critical component in achieving a “hermetic” security posture, securing every endpoint within an organization. However, as with any security solution, there is an inherent risk: the same technology that defends against attacks can, if compromised, serve as a gateway for attackers to infiltrate entire networks.

What happens when the very tool designed to protect an organization becomes a potential vulnerability? In this talk, we will explore our research into Fortinet’s endpoint agent solution, revealing how attackers could exploit flaws within the software to compromise all machines in an organization. We’ll discuss the double-edged nature of endpoint protection: while it serves as a frontline defense, it also presents a unique attack surface. Through both high-level and low-level research, we’ll demonstrate how an adversary could leverage vulnerabilities within Fortinet’s product to bypass security mechanisms, escalate privileges, and ultimately take control of an organization’s network.

Join us as we walk through our research journey, showcasing our findings and demonstrating how attackers could exploit these vulnerabilities to launch sophisticated attacks against enterprises. This talk is geared towards security professionals and anyone interested in understanding the current landscape of endpoint security threats in relation to widely used commercial solutions like Fortinet.

About the Speaker