- Exploiting embedded HTTP servers with curl: Students will apply a dynamic firmware analysis technique to identify an authentication bypass in a consumer router and use it to reveal the plaintext password. (The underlying logic flaw is very similar to the widely exploited CVE-2018-10561.)
- Finding and exploiting command injection within device firmware: Students will find a command injection flaw in a smart home controller and learn how to analyze the source in order to craft a suitable request to exploit it and get a shell.
- Fuzzing for vulnerabilities with a Simple Object Access Protocol (SOAP) API: We will walk through developing an exploit chain to get a root shell on a popular line of smart home devices (outlets, lighting, etc.). This attack does not require firmware access.
- Building more advanced payloads: This section is about developing more interesting exploits. Students will learn how to prepare CSRF attacks as well as how to produce useful bindshell binaries that will run on embedded devices.
- Running virtualized embedded device firmware: Students will learn about and experiment with various device emulation techniques, including QEMU cross-architectural chroot and faking device functionality via library preloading.
- Leveraging DNS rebinding to attack local IoT remotely: Students will build upon provided tools to demonstrate an end-to-end DNS rebinding attack against an embedded device to achieve code execution.
- Drive-by Rick Rolling: Students will explore the attack surface of media devices like Smart TVs, Google Home and Google Chromecast. From this, students will learn how to exploit the DIAL protocol to remotely hijack screens.
| A Guided Tour of Embedded Software Hacks | August 4-5 | Black Hat USA | ALL |
| A Guided Tour of Embedded Software Hacks | July 9-10 | Shakacon X | ALL |
| Intro to Brainwashing Embedded Systems | October 1 | SecTor | 1-3 |
| Brainwashing Embedded Systems (Advanced) | October 1 | SecTor | 4-6 |