Case Studies in Embedded VR - Silvio Cesare - Ekoparty Security Conference - 2022
Ekoparty Security Conference via YouTube
Overview
Explore case studies in embedded virtual reality through this conference talk from Ekoparty 2022. Delve into highly technical bugs and exploits, focusing on 0-day vulnerabilities exploited in-the-wild. Examine unique techniques and methods not previously seen in other exploit chains. Investigate the Netgear Nighthawk Router's security analysis, including service discovery, attack surface mapping, and reverse engineering. Learn about main approaches to analyzing modems and routers, including factory settings assumptions and user-mode emulation. Discover the process of whole system emulation and firmware emulation. Follow the journey of triggering bugs and developing a 100% reliable exploit. Conclude with insights into a DLink exploit, gaining valuable knowledge about embedded VR security vulnerabilities and exploitation techniques.
Syllabus
Intro
Netgear Nighthawk Router
Security Analysis
Finding Services
Modems and Routers
Main Approaches
Attack Surface Discovery
Reverse Engineering and Code Review
Factory settings
Assumptions
User-mode emulation
Whole System Emulation
Emulating Firmware
Triggering the Bug
First step
A 100% reliable exploit!
A DLink Exploit
Taught by
Ekoparty Security Conference