03-29, 17:00–17:30 (Europe/Ljubljana), P1
Preboot Execution Environment (PXE) is a widely used network boot technology that allows machines to boot over a network without local storage. However, this convenience comes with security risks. In this session, we will explore how PXE works and how attackers can exploit misconfigurations to extract passwords and gain unauthorized access. Through practical demonstrations, we will analyze real-world attack scenarios, discuss potential countermeasures, and provide security best practices to defend against PXE-based attacks.
PXE booting is a powerful tool used in enterprise environments for system deployment and recovery, but it is often overlooked as a security risk. In this 30-minute seminar, we will cover:
- Understanding PXE: How network booting works and why it is commonly used.
- How PXE Can Be Exploited: Common vulnerabilities, including unauthenticated booting and insecure TFTP transfers.
- Extracting Passwords: Demonstrating how attackers can intercept PXE boot files, retrieve hashed passwords, and escalate privileges.
- Live Demo: A step-by-step exploitation of a misconfigured PXE server.
- Mitigation Strategies: How to secure PXE environments against unauthorized access.
Žan Urbančič is a penetration tester and cybersecurity specialist with a comprehensive skill set in offensive security, vulnerability assessment, and security implementation. He holds multiple industry-recognized certifications, including CCNA, eJPT, eCPPTv2, CRTP, CRTE, and OSCP, demonstrating deep expertise in network security, Active Directory exploitation, and advanced penetration testing methodologies. Passionate about staying ahead of emerging cyber threats, vulnerabilities (CVEs), and security trends, he proactively identifies, analyzes, and mitigates risks to strengthen organizational security postures. His experience includes testing and deploying XDR solutions such as Cynet, SentinelOne, and Sophos, as well as working with SIEM platforms like QRadar and Splunk to enhance threat detection, incident response, and threat hunting capabilities. Žan has also participated in Locked Shields and Crossed Swords, the largest NATO cyber exercises, where he gained hands-on experience in real-world cyber warfare simulations and both defensive and offensive cybersecurity operations. These experiences have further sharpened his ability to respond to advanced persistent threats (APTs), conduct red team engagements, and support blue team operations in high-stakes environments.
Danijela is a business company leader with 15 years of experience in the technology sector, specializing in strategic growth, operational excellence, and innovation. She is a former CEO of a successful IT hardware company, where she was in charge of market expansion, operations optimisation, and business growth strategies. Currently she is serving as Business Director in cybersecurity industry, driving strategic initiatives, business development, and organizational performance to position the company as a market leader, with the effort to be educated and having a good insight with the field of expertise.
For the purpose of being competent, she obtained the eJPT certification and lately acquired the CRTP certification in Cybersecurity.