Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting Cloud Connectivity to Compromise Network-Attached Storage Devices

DEFCONConference via YouTube

Overview

Explore a detailed security research presentation from DEF CON 31 that reveals critical vulnerabilities in network-attached storage (NAS) devices and their cloud connectivity features. Learn how researchers discovered and exploited authentication weaknesses in both Western Digital and Synology NAS systems during Pwn2Own Toronto 2022, demonstrating how hardware identifiers used for cloud authentication can be manipulated for device impersonation and phishing attacks. Dive deep into the technical architecture of cloud-based NAS systems, understanding the pairing mechanisms, and discover how certificate transparency logs can be leveraged to enumerate and compromise edge devices. Understand the methods used to intercept cloud proxy authentication tokens, enabling unauthorized access to stored files, data manipulation, and remote code execution capabilities that bypass NAT/Firewall protections.

Syllabus

DEF CON 31 - A Pain in the NAS Exploiting Cloud Connectivity to PWN your NAS - Moshe, Brizinov

Taught by

DEFCONConference

Reviews

Start your review of Exploiting Cloud Connectivity to Compromise Network-Attached Storage Devices

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.