SOHO Hacking at Pwn2Own

Explore the security challenges of home office networks and enterprise perimeter shifts in this conference talk from Hack In The Box Security Conference. Dive into the methodologies used by NCC Exploit Development Group (EDG) to rapidly identify vulnerabilities in consumer routers and small business devices during Pwn2Own 2022 Toronto. Learn about the differences between LAN and WAN attack surfaces, custom tooling for vulnerability analysis, and the process of creating multiple exploit chains. Discover specific vulnerabilities found in Netgear, TP-Link, and Synology devices, and understand the unique challenges posed by the Pwn2Own competition. Examine the development of multi-stage exploit chains used to compromise routers via WAN and pivot to LAN devices. Gain insights into the security shortcomings of consumer devices and their implications for end users and enterprises. Witness demonstrations of vulnerabilities and understand how threat actors could exploit these attacks for lateral movement and persistence in networks.