A Playbook for Integration Servers
Ryan Bonner, Guðmundur Karlsson
Recon Village @ DEF CON 33 · Day 1 · Recon Village
This talk, "Plumbing the Plumber: A Playbook for Integration Servers," delivered by Ryan Bonner and Guðmundur Karlsson at Recon Village, presents a comprehensive guide for identifying and exploiting vulnerabilities in **WebMethods Integration Servers**. These critical middleware platforms, recently acquired by IBM, act as the central nervous system for large enterprises, connecting disparate systems from legacy mainframes to modern cloud applications like Salesforce. The speakers highlight that despite their crucial role in banking, healthcare, insurance, and financial transactions, these servers are often the "undocumented plumbing" of the corporate world, largely overlooked by security researchers.
AI review
Solid niche research that punches above its weight by opening up a genuinely under-scrutinized attack surface in enterprise middleware. The combination of a practitioner with a decade of WebMethods internals and a pentester who systematized it into tooling gives this real credibility — 50+ default-credentialed hosts on Shodan and accidental hospital DoS aren't things you fabricate.