SQLi to Root Access: Exploiting a ISP infrastructure

What if we play with the ISP? In this talk I am going to tell you how one day, something that started as a simple SQL injection, going through LFI, RCE, ended up in a pwn of an internet provider in my country that affected more than 25 cities, being able to intercept user traffic and other stuff.

Presented at Security Fest 2023.

Speaker: Ignacio Navarro

About Ignacio Navarro

My name is Ignacio, I am 25 years old and I am from Río Cuarto, Argentina. I am currently working as a Sr. Software Engineer. I started to enter the world of infosec about 6 years ago. My interests include code analysis, webapps security and cloud security Speaker at Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty @Ignavarro1

SUBSCRIBE TO OUR NEWSLETTER

Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.

Get newsletter →