Load Balancer with RCE, Hacking F5

This talk will open up with the question have you heard of F5 load balancing? Or did you ever write code in TCL in your youth? The two questions relate because the language used for defining F5 iRule is a fork of TCL-8.4.



Two demos will show how to automatize detection of the vulnerability in your iRule code. A short example will show how this is not fully sufficient because of lexical problems that are hard to detect with a (this) script. The next demo will show a unit-testing tool that can aid in testing all inputs from client and upstream.

Long term consequence:

This bug-class will not be fixed by F5, this means that your organization or customer need to stay on top of it. Armed with the tools and knowledge from this talk, your F5 instance can become injection free.

This was presented at Security Fest 2019.

Speakers: Christoffer Jerkeby

About Christoffer Jerkeby

Christoffer Jerkeby

Christoffer is a security researcher working as a consultant for F-Secure Sweden. He has previously worked in telecom security research for many years and have become known from talks on Travel card hacking at SEC-T in 2010. Christoffer is an organizer behind the Danish hacker camp Bornhack and one of the founders behind the first Swedish hackerspace Forskningsavdelningen in Malmö. Christoffers research have ranged from writing the specification for GlobalPlatform TEE Socket/TLS API, Bluetooth Mesh security to finding Qubes vulnerabilities, Wi-Fi vulnerability research, VPN de-anonymization and GSM fuzzing. Expect a roller-coaster of pain, aha and hackery from this one.

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.