BEGIN:VCALENDAR PRODID:-//vBulletin 6//EN VERSION:2.0 CALSCALE:GREGORIAN BEGIN:VEVENT UID:53a61256-85b2-4437-a40d-255afe57aafc DTSTAMP:20260515T154559Z SUMMARY:Stepped on a Nail DESCRIPTION:Title: Stepped on a Nail\n\nDescription:\nIt was a crisp Octobe r evening as Nerdwell walked the streets of the Internet looking for juicy bugs. Suddenly\, his attention was drawn to something that he could not i gnore. "Is that memory?" He thought to himself\, "it sure is ... a whole h eap of it!"\n\nIn this talk\, Nerdwell will share the story of how a chanc e observation\, along with healthy doses of curiosity and persistence\, ul timately led to a high severity finding of unauthenticated remote memory d isclosure in the Mitel MiVoice 6800 and 6900 series SIP Phones. Nerdwell w ill take us through the technical details of CVE-2020-13617 and demonstrat e exploitation. He'll then share some of the insights gained along the way \, including:\n\n* Unexpected benefits of the emerging bug bounty industry upon IoT security in general\;\n* The roles of curiosity and creativity i n the hacker's mindset\, and how these traits influence security research\ ; and\n* Ways to use open source tools\, like Shodan.io and GitHub\, to se lect IoT devices for further research.\n\nThe talk will close with suggest ions for future research and tips for new researchers looking to break int o the field of IoT hacking.\n\nSpeaker(s): Matthew Byrdwell\n\nLocation: I oT Vlg / IOT Vlg\n\nDiscord: https://discord.com/channels/7082082676999455 03/732734565604655114\n\nEvent starts: 2020-08-08 18:00 (06:00 PM) PDT (UT C -07:00)\n\nEvent ends: 2020-08-08 18:45 (06:45 PM) PDT (UTC -07:00)\n\nF or the most up-to-date information\, please either visit https://info.defc on.org\, or use HackerTracker\, which is available for iOS and Android. Th is is an automated message\, and this data was last modified 2020-08-08T03 :04 (UTC). URL:https://forum.defcon.org/node/234222 DTSTART:20200809T020000Z DTEND:20200809T024501Z LOCATION:IoT Vlg / IOT Vlg END:VEVENT END:VCALENDAR