Presented at
Texas Cyber Summit 2019,
Oct. 12, 2019, 1 p.m.
(120 minutes)
IoT isn't going away, so it's our job to break it down and force it to be rebuilt securely. This workshop will introduce people to the basics of embedded system exploitation and take them from 0 to 0day against a SOHO router.
**Briefing Format:** Workshop (120 minutes)
**Audience Level:** Intermediate
**Description:** A team of veteran Vulnerability Researchers will guide participants through the beginning stages of attacking an embedded system, including: disassembly of the target; discovery of hardware interfaces; establishing console communication; protocol discovery; attack vector enumeration; fuzzing; reverse engineering and vulnerability discovery; crafting a PoC. Students won't learn everything there is to know in a workshop, but by the time they leave, they should have the tools they need to cut a path through the jungle and start finding hidden treasures. All attendees will need to have a working understanding of the C programming language, as well as knowledge of assembly language in any architecture (x86, ARM, MIPS, PowerPC, etc.), or they will be lost in the sauce. We will provide targets and a custom Kali Linux ISO with tools included that will be needed for the workshop, including that one Ghidra thing everyone keeps talking about. Students will need to provide their own laptop that they can use to spin up the ISO provided, either via virtualization or booted from media.
Presenters:
-
Martin Hodo
- Raytheon CODEX
Martin Hodo leads a team of vulnerability researchers at Raytheon CODEX with decades of combined experience sowing seeds of mayhem and causing chaos in embedded systems of all shapes and sizes. They believe the best things in life are seeing an instruction pointer read 0x41414141, trafficking in illicit packets, and exploiting innocent IoT devices. They’ve never seen an IRC channel they didn’t troll or a buffer they didn’t try to overflow.
Links:
Similar Presentations: