Modern computing systems implement a variety of remotelyaccessible, instrumented management interfaces. As professional penetrationtesters it is important to understand the native capabilities of suchinterfaces, the security consideration of offering access and the techniquesused to interact with and exploit the interface.
This talk reviews common remote management interfacesand identify their effect on a systems security posture. It starts byreviewing the most common technologies, then after establishing a commonframework of understanding; looks at the security implications of eachtechnology highlighting common "hidden features".
Within the final phase, this presentation reviewstypical testing actions.