2018 VERT IoT Hack Lab Training

I’m pleased to announce that next month, I will be offering the two-day training series A Guided Tour of Embedded Software Hacks at Shakacon X as well as at Black Hat USA in August. As a reminder, I will also be back at SecTor with reloaded material for a one-day Brainwashing Embedded Systems advanced class aimed at students who have already completed a Brainwashing Embedded Systems training at AusCERT, SecTor or DEF CON. Additionally, Tyler Reguly and Dr. Lane Thames will be running an introductory Brainwashing Embedded Systems class in parallel to the advanced class at SecTor.

The topics planned for this year are as follows:

1. 1. Exploiting embedded HTTP servers with curl
      Students will apply a dynamic firmware analysis technique to identify authentication bypass in a consumer router and use it to reveal the plaintext password. (The underlying logic flaw is very similar to the widely exploited CVE-2018-10561.)
   2. Finding and exploiting command injection within device firmware
      Find command injection in a smart home controller and learn how to analyze the source in order to craft a suitable request to exploit it and get a shell.
   3. Fuzzing for vulnerabilities with a Simple Object Access Protocol (SOAP) API
      We will walk through developing an exploit chain to get a root shell on a popular line of smart home devices (outlets, lighting, etc). This attack does not require firmware access.
   4. Building more advanced payloads
      This section is about developing more interesting exploits. Students will learn how to prepare CSRF attacks as well as producing useful bindshell binaries that will run on embedded devices.
   5. Running virtualized embedded device firmware
      Students will learn about and experiment with various device emulation techniques including QEMU cross-architectural chroot and faking device functionality via library preloading.
   6. Leveraging DNS rebinding to attack local IoT remotely
      Students will build upon (Read more...)