Presented at
Global AppSec - DC 2019,
Sept. 13, 2019, 4:30 p.m.
(45 minutes).
This talk is the result of a 6 month long person project of mine to automatically, unpack and analyze IoT firmware for common security issues, with a nice web GUI to boot. ByteSweep is a Free Software platform that automates a lot of the common steps I conduct manually when performing IoT pentests. ByteSweep utilizes the python libraries provides by binwalk to programatically extract filesystems from firmware images. In order to extract crypto keys and password hashes hard coded into firmware images, ByteSweep implements a custom strings regex search engine with configurable rules stored in a config file. Radare2's python r2pipe library is used to analyze extracted binaries for any unsafe function calls. (e.g. strcpy, sprintf, system, etc.) Version strings are extracted, using the strings regex search engine, from 3rd party components like open source programs and/or libraries. These version numbers are then compared against software version associated with CVEs by using the NVD JSON Data Feed.
My talk will feature live demos of the ByteSweep platform but I'll pre-record them all in case of failure.
ByteSweep Licensing:
* Web Frontend: AGPLv3
* Backend Worker: GPLv3
Presenters:
-
Matt Brown
Matt Brown (nmatt) works by day as an infosec professional and by night as a Free Software hacker. His interests in IoT security began at his first defcon (23) where he placed 2nd in the IoT CTF. Today, Matt works as an internal IoT pentester for a major home security company. Matt specializes in IoT pentesting and reverse engineering. When not hacking, you will find Matt serving at his local church or gaming on his PCI passthrough setup.
Links:
Similar Presentations: