CONFidence Krakow 2K8
Cutting-edge Think Tank
Adrian pagvac Pastor
Senior White-hat Hacker at GNUCITIZEN
About GNUCITIZEN
Think tank
Involved
in research Public/independent Private/commercial
Ethical hacker outfit
Responsible
disclosure We have nothing to hide
The only active tiger team in the UK
Proud
to have some of the best pros in our team
About GNUCITIZEN
We like to contribute!
www.gnucitizen.net www.gnucitizen.org www.securls.com www.hakiri.org www.houseofhackers.org www.spinhunters.org
We also need to pay the bills (duh!)
www.gnucitizen.com
Cracking into embedded devices and beyond!
Practical overview of offensive techniques against embedded devices
The drive behind this research
Many embedded devices are much easier to
compromise than modern desktop/server systems
Yet
not much public research as compared to other sec research fields
Focused on HTTP, UPnP, SNMP and Wi-Fi
Attacking the web console is one of the easiest
ways to own the target device
Check
out the router hacking challenge if you dont believe us! [link]
Scope of type of environments
Home/SOHO
Corporate
In other words, this research affects:
Devices Devices
used by users or small offices used in corporate environments
Focus on remotely exploitable bugs
Yes, local network attacks are cool, but this
wasnt the focus of my research
Two types of remote attacks:

下一页