Learn about critical security vulnerabilities in Draytek devices through this DEF CON 32 conference presentation. Explore how advanced attackers target edge devices like VPNs and firewalls, with a specific focus on Draytek equipment that has over 500,000 routers exposed to the Internet. Discover the process of reverse-engineering Draytek's firmware format and the development of extraction tools, revealing how its RTOS kernel can load potentially malicious code modules that persist through firmware upgrades. Gain insights into crafting and uploading malicious modules using newly discovered vulnerabilities, and understand the challenges end-users face in detecting these compromises. Learn about a defensive solution involving a custom-developed module for assessing the integrity of loaded memory modules, and access community tools for improving observability, hardening, and vulnerability research on Draytek edge devices.
Detecting Persistent Threats on Draytek Devices - Security Assessment and Mitigation Tools
Overview
Syllabus
DEF CON 32 - Detecting persistent threats on Draytek devices - Octavio Gianatiempo, Gastón Aznarez
Taught by
DEFCONConference
Related Courses
-
Unlocking the Gates: Hacking Industrial Remote Access Solutions
-
Inside Dash Cam Custom Protocols and Security Vulnerabilities
-
Compromising Electronic Loggers and Creating Truck-to-Truck Worm - Security Vulnerabilities in ELD Systems
-
VDA Shenanigans: Attacking and Defending Vehicle Diagnostics Adapters
