Dustin Heywood
Dustin Heywood otherwise known as EvilMog® is a hacker, mostly retired member of "Team Hashcat", and Executive Managing Hacker / Senior Technical Staff Member at IBM X-Force. He has been cracking passwords since 2009, and is the developer of the ntlmv1-multi tool. In his spare time he collects life time entry badges to conferences.
Session
F5 load balancers and other products store secrets in configuration files encrypted by a unit specific master key. This talk describes how with access to an F5 device via an exploit or legitimate access the master key can be extracted and configuration passwords decrypted. This talk will also share a weaponized version of an F5 exploit with the added functionality. These techniques are not documented however the technique was determined through a careful reading of the documentation and manipulation of the data storage formats. Learn the secrets of the $M$ password storage format today.