Breaking BHAD - Abusing Belkin Home Automation Devices

Breaking BHAD - Abusing Belkin Home Automation Devices

Black Hat via YouTube Direct link

NIT Script Execution

18 of 36

18 of 36

NIT Script Execution

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Breaking BHAD - Abusing Belkin Home Automation Devices

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Introduction
  2. 2 Agenda
  3. 3 What is Wemo
  4. 4 How Wemo works
  5. 5 Why Wemo
  6. 6 Headlines
  7. 7 Command Injection Vulnerability
  8. 8 Attack Scenario
  9. 9 How Rules Work
  10. 10 Rule Updating Algorithm
  11. 11 Rule ID
  12. 12 Sequel Injection
  13. 13 Attach Database Syntax
  14. 14 OpenWRT
  15. 15 Command Execution
  16. 16 Malicious Database
  17. 17 NIT Script
  18. 18 NIT Script Execution
  19. 19 NIT Script Demo
  20. 20 Anatomy of the Attack
  21. 21 Takeaways
  22. 22 Teardown
  23. 23 Logging In
  24. 24 You Boot Console
  25. 25 No Dev Console
  26. 26 Modifying Linux File System
  27. 27 Modifying Flash Password
  28. 28 Application Process
  29. 29 Conclusions
  30. 30 The Cloud
  31. 31 Cordova
  32. 32 Changing Device Name
  33. 33 Java Classes
  34. 34 Alert Box
  35. 35 Second and Third Order Effects
  36. 36 Disclosure Timeline

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.