NAT Pinning 2.0: bypassing routers & firewalls via web+NAT abuse
2019-11-09, 12:30–12:55 (US/Pacific), Red Day

NAT Pinning is a combination of techniques to allow an attacker to remotely access any TCP/UDP services bound on a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.


This talk will go over a new tool I'm releasing, NAT Pinning v2. NAT Pinning allows an attacker to remotely access any TCP/UDP services bound on a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website. It uses multiple techniques to be cross-platform, cross-browser, and multi-protocol.
Some areas we'll cover:
- NAT (Network Address Translation)
- Router Investigation
- Firmware Dumping
- Reverse Engineering Firmware
- Network Protocol Investigation
- Browser Protocols
- Timing Attacks

Samy Kamkar is an independent security researcher, sometimes known for creating The MySpace Worm, one of the fastest spreading viruses of all time. He attempts to illustrate terrifying vulnerabilities with playfulness, and his exploits have been branded:
“Controversial” -The Wall Street Journal
“Horrific” -The New York Times
“Now I want to fill my USB ports up with cement” -Gizmodo

His open source software, hardware, and research highlight the insecurities and privacy implications in everyday technologies, from the Evercookie, which produces virtually immutable respawning cookies, to SkyJack, a drone that wirelessly hijacks and autonomously controls any other drones within wireless distance. His work has been cited by the NSA, triggered hearings on Capitol Hill, and has been the basis for security advancements across most web browsers, smartphones, and vehicles.

This speaker also appears in: