Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hijacking an IP Camera Stream: SADProtocol Vulnerabilities and Hollywood-Style Exploitation

Ekoparty Security Conference via YouTube

Overview

Dive into a captivating conference talk exploring the real-world feasibility of hijacking IP camera streams, as often depicted in Hollywood movies. Uncover two LAN RCE vulnerabilities in Hikvision's Search Active Devices Protocol (SADP) and SDK server implementation found in several Ezviz products. Follow the speakers' journey through firmware analysis, vulnerability discovery, toolchain building, exploit development, and post-exploitation techniques. Learn how they achieved the movie-like feat of serving arbitrary streams to victims while maintaining other camera functionalities. Gain insights into the complex process of IoT hacking, including bypassing ASLR, in-memory code patching, and manipulating binary execution. Understand the implications for video surveillance system integrity and the security risks posed by these devices. Presented by Octavio Gianatiempo, a Security Researcher at Faraday, and Javier Aguinaga, a self-taught reverse engineer, this 39-minute talk from Ekoparty 2023 bridges the gap between IoT security research and cinematic hacking scenarios.

Syllabus

SADProtocol goes to Hollywood: Hijacking an IP camera stream as seen in movies-Gianatiempo /Aguinaga

Taught by

Ekoparty Security Conference

Reviews

Start your review of Hijacking an IP Camera Stream: SADProtocol Vulnerabilities and Hollywood-Style Exploitation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.