Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing

  • aNullValue
    Moderator
    • Jun 2019
    • 584

    #1

    Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing

    The world is moving towards a smart culture: everything nowadays is smart, and almost all of those smart devices are basically embedded devices with internet connectivity or some provision to connect to the internet. Since these devices are booming in the market, this is also tempting lots of people/groups into hacking. In this 1 hour talk we will discuss how to test embedded/IoT devices. It will give you a methodology for assessment, how to perform firmware analysis and identify vulnerable components, and a basic approach for reverse engineering the binaries to discover potential remote code execution and memory corruption vulnerabilities by looking for native vulnerable functions in C or bad implementations of functions like system, popen, pclose etc. After conducting static analysis and firmware analysis we will move on to a dynamic testing approach, which includes web application testing, underlying OS security testing, and identifying vulnerabilities and misconfigurations in the device. Finally, we will move on to fuzzing the device via web application parameters and installing an appropriate debugger on the device to identify memory corruption vulnerabilities.

    DELIVERABLES
    Methodology for testing embedded devices
    Deep dive into device security testing, from beginner level to developing an exploit
    And at last, a good intro into how to break the known security boundaries of embedded/IoT devices by knowing their weaknesses, and thereby securing them.

    Speaker(s): Kaustubh Padwad

    Location: Red Team Vlg

    Discord: https://discord.com/channels/7082082...77357820411944

    Event starts: 2020-08-06 23:00 (11:00 PM) PDT (UTC -07:00)

    Event ends: 2020-08-07 00:00 (12:00 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-07-30T05:32 (UTC).