Detecting Persistent Threats on Draytek Devices - Security Assessment and Mitigation Tools

Learn about critical security vulnerabilities in Draytek devices through this DEF CON 32 conference presentation. Explore how advanced attackers target edge devices like VPNs and firewalls, with a specific focus on Draytek equipment that has over 500,000 routers exposed to the Internet. Discover the process of reverse-engineering Draytek's firmware format and the development of extraction tools, revealing how its RTOS kernel can load potentially malicious code modules that persist through firmware upgrades. Gain insights into crafting and uploading malicious modules using newly discovered vulnerabilities, and understand the challenges end-users face in detecting these compromises. Learn about a defensive solution involving a custom-developed module for assessing the integrity of loaded memory modules, and access community tools for improving observability, hardening, and vulnerability research on Draytek edge devices.