Overview
Explore a comprehensive methodology for embedded device vulnerability analysis in this 32-minute conference talk by Kyle O'Meara and Madison Oliver from 0xdade. Learn about TROMMEL, an open-source tool designed to assist researchers in their analysis. Discover a holistic approach that goes beyond preliminary findings, encompassing firmware, web application, mobile application, and hardware analysis. Follow a case study of a Wi-Fi camera to see the methodology in action, demonstrating its applicability to various embedded devices. Gain insights into information gathering, vulnerability disclosure, and future work in this field. Benefit from the speakers' extensive experience in information technology and cybersecurity as they provide actionable strategies for more thorough and comparable embedded device research.
Syllabus
Intro
Introductions
Who is Kyle
Agenda
Introduction
Motivation
Methodology
Curation
Information Gathering
Firmware Analysis
Web Application Analysis
Mobile Application Analysis
Hardware Analysis
Vulnerability Disclosure
Why Dlink
Background Research
Firmware
File of Interest
Web App
Wildcard Entry
Mobile Application
Identifying Markings
Identifying Components
Comparing Firmware
Comparing Firmware Files
Exploit Attempts
Cert Coordination Center
Future Work
Conclusion
Contact Information
Firmware File
File Dump
Questions
Taught by
0xdade