OWASPOttawa October 16th 2024: TunnelVision (CVE-2024-3661): A VPN bypass

Welcome to our in-Person Meetup at the University of Ottawa

In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117

We will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!

YouTube Live Stream Link: https://www.youtube.com/watch?v=kVEKljPZTq8

6:00 PM EST Arrival, setup, mingle, PIZZA!!!

6:30 PM EST Technical Talks

1. Introduction to OWASP Ottawa, Public Announcements.
2. TunnelVision (CVE-2024-3661): A VPN bypass or a feature?

Abstract:
CVE-2024-3661 introduces a novel attack vector capable of bypassing VPN protections and redirecting traffic outside the secure tunnel. This presentation will explore the technical details of "Tunnel Vision," an attack that exploits vulnerabilities in network routing protocols to compromise the integrity of VPN connections.

Speakers:
Harsh Makwana, M.Eng, is an Application Security Consultant at Software Secured with over 3 years of experience in penetration testing. An alumnus of the University of Ottawa, Harsh is a general technologist with a strong interest in the advancements of both cybersecurity and industrial robotics. Outside of work, he enjoys exploring photography and illustration as creative pursuits.