Skip to content ↓ | Skip to navigation ↓

Come get your hands dirty with embedded device hacks during my DEF CON 24 workshop.

Brainwashing Embedded Systems will be held in Las Vegas Ballroom 3 on Saturday, August 6, from 10AM – 2PM. This workshop is a condensed version of the full-day training offered at the 2016 AusCERT and SecTor conferences. During the workshop, you will learn about the methods I used to win the first-ever SOHOpelessly Broken tracks 0 and 1, as well as to exploit vulnerabilities in products ranging from NAS to smart home automation systems and cameras.

The best way to learn is with hands on activities, so I’m bringing a suitcase full of hackable embedded devices with exercises to complete.

Some of the embedded devices I’ll be bringing include:

  • Routers (NETGEAR, Asus, D-Link, TRENDnet, Belkin)
  • Network Attached Storage (NETGEAR, Western Digital)
  • Cameras (Belkin, Summer Infant, Loftek, D-Link)
  • Home Automation (Quirky Wink Hub, Belkin WeMo, MiOS VeraLite)

The workshop will walk through various techniques involved with identifying and exploiting weakness based on a combination of firmware analysis, manual exploration and Android app reversing.  By following along with the hands-on exercises, you will walk away with everything you need to start hacking consumer and enterprise embedded devices without breaking a sweat or a warranty sticker.

To get the most out of this class, you will want to bring a laptop capable of hosting a provided x86_64 Kali 2.0 environment pre-loaded with firmware images and tools. In an effort to reduce setup time, I will be posting the virtual machine image online once I have finalized it for DEF CON 24.

I encourage anyone who is interested in attending to sign-up below, and you will be emailed a download link when it becomes available. Downloading and installing the image before DEF CON will help you get the most out of your time. (Addresses provided through this form will be used only to send out a download link and then discarded. You will not be added to any marketing lists and your information will not be sold.)

Sign-up Here

* indicates required