Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

A Journey Into Synology NAS

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of Synology NAS security in this 50-minute conference talk from Hack In The Box Security Conference. Dive into the world of Network Attached Storage (NAS) with a focus on Synology, the leader in small-business and home NAS solutions. Learn how to prepare the environment for security research, identify device models and versions through fingerprinting, and understand local services used for device management. Discover a Wireshark plugin for dissecting the syno_finder protocol, and gain insights into the login flow and internal process flow for remote access. Examine vulnerabilities from both local and remote attack perspectives that could potentially compromise the device. Benefit from the speaker's expertise as a security engineer from Qihoo 360 Nirvan Team, specializing in embedded device security. Cover topics including installation, preparation, local and remote adversary perspectives, device fingerprinting, HTTP request process flow, remote attack surfaces, and various Synology applications such as DS file, Synology Calendar, Media Server, and Audio Station.

Syllabus

MEET THE SPEAKER
TRACK1
About me
Agenda
What is NAS?
Why Synology NAS?
Synology NAS News
Previous Research
Installation - "Black" Synology Manly focus on DSM61
Preparation
Local Adversary's Perspective
Services: findhostd
Services: iscsi_snapshot_comm_core #3 signe
out-of-bounds read
improper access control
Remote Adversary's Perspective
Device Fingerprinting
Http Request Process Flow
Remote Attack Surface
DS file App
Synology Calendar
Media Server
Audio Station
What We Have Learnt

Taught by

Hack In The Box Security Conference

Reviews

Start your review of A Journey Into Synology NAS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.