BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//talk//SXCJNW
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-SXCJNW@cfp.troopers.de
DTSTART;TZID=CET:20260624T151500
DTEND;TZID=CET:20260624T161500
DESCRIPTION:In this talk\, we present a practical\, end-to-end attack chain
  against modern fiber access networks\, demonstrating how multiple pre-aut
 henticated Remote Code Execution (RCE) vulnerabilities can be chained to f
 ully compromise an ISP infrastructure.\n\nWe begin by exploiting three pre
 -authenticated RCE vulnerabilities on a GPON Optical Line Terminal (OLT)\,
  gaining initial access to a device that sits at a critical point of ISP n
 etworks and directly handles customer traffic. From the compromised OLT\, 
 we pivot into the ISP’s cloud-based fleet management platform via an add
 itional pre-authenticated RCE\, ultimately obtaining centralized and persi
 stent control over all deployed OLTs managed by the provider.\n\nIn large-
 scale deployments\, OLTs are remotely administered through centralized man
 agement platforms\, making them highly attractive targets. By chaining vul
 nerabilities between exposed edge devices and their associated cloud manag
 ement systems\, an attacker can escalate from a single-device compromise t
 o full control over the access network infrastructure.\n\nThis attack path
  enables high-impact outcomes\, including large-scale service disruption\,
  long-term unauthorized access to ISP networks\, customer traffic intercep
 tion\, and mass surveillance capabilities. These scenarios closely mirror 
 recent real-world disclosures involving nation-state actors covertly compr
 omising telecommunications providers in Western countries\, where control 
 over ISP infrastructure has been leveraged for strategic intelligence coll
 ection and population-scale monitoring.
DTSTAMP:20260627T175817Z
LOCATION:Track 1
SUMMARY:Breaking the Backbone of Global ISP Networks - Mathieu Farrell
URL:https://cfp.troopers.de/tr26-cfp/talk/SXCJNW/
END:VEVENT
END:VCALENDAR