Cracking into embedded devices and beyond

1 like3,960 views

This document discusses vulnerabilities in embedded devices that have web interfaces enabled by default. It describes how attackers can gain unauthorized access to these devices through their web interfaces and then use the devices to probe internal networks. Several examples of authentication bypass and cross-site scripting vulnerabilities are provided, demonstrating how attackers can change device settings or escalate privileges without proper authentication. Remote and client-side attacks are discussed, along with challenges in securely accessing embedded devices that are often overlooked.

Technology

Cracking into embedded devices and beyond

More Related Content

PDF

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps

hacktivity

PDF

AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs

Mikhail Egorov

PDF

A Hacker's perspective on AEM applications security

Mikhail Egorov

PDF

Hunting for security bugs in AEM webapps

Mikhail Egorov

PDF

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.

Mikhail Egorov

PDF

Hacking Adobe Experience Manager sites

Mikhail Egorov

PDF

Securing AEM webapps by hacking them

Mikhail Egorov

PDF

What should a hacker know about WebDav?

Mikhail Egorov

Mikhail Egorov - Hunting for bugs in Adobe Experience Manager webapps

hacktivity

AEM hacker - approaching Adobe Experience Manager webapps in bug bounty programs

Mikhail Egorov

A Hacker's perspective on AEM applications security

Mikhail Egorov

Hunting for security bugs in AEM webapps

Mikhail Egorov

What’s wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs.

Mikhail Egorov

Hacking Adobe Experience Manager sites

Mikhail Egorov

Securing AEM webapps by hacking them

Mikhail Egorov

What should a hacker know about WebDav?

Mikhail Egorov

What's hot (20)

PDF

Neat tricks to bypass CSRF-protection

Mikhail Egorov

PPTX

Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015

lokeshpidawekar

PPTX

Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek

Magno Logan

PPTX

Hacking Wordpress Plugins

Larry Cashdollar

PPSX

Attacking HTML5

AppSec_Labs

PDF

Web Security 101

Brent Shaffer

PPTX

How to discover 1352 Wordpress plugin 0days in one hour (not really)

Larry Cashdollar

PDF

OAuth2 - The Swiss Army Framework

Brent Shaffer

PDF

Frans Rosén Keynote at BSides Ahmedabad

Security BSides Ahmedabad

PPTX

Everybody loves html5,h4ck3rs too

Nahidul Kibria

PPTX

Fun with exploits old and new

Larry Cashdollar

PDF

10 common cf server challenges

ColdFusionConference

PPTX

Ten Commandments of Secure Coding

Mateusz Olejarka

DOCX

Web-servers & Application Hacking

Raghav Bisht

PPT

Django (Web Applications that are Secure by Default)

Kishor Kumar

PPTX

MITM Attacks on HTTPS: Another Perspective

GreenD0g

PDF

Attacking Drupal

Greg Foss

PDF

Entity provider selection confusion attacks in JAX-RS applications

Mikhail Egorov

PDF

Making Joomla Insecure - Explaining security by breaking it

Tim Plummer

PDF

Web Application Firewall: Suckseed or Succeed

Prathan Phongthiproek

Neat tricks to bypass CSRF-protection

Mikhail Egorov

Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015

lokeshpidawekar

Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek

Magno Logan

Hacking Wordpress Plugins

Larry Cashdollar

Attacking HTML5

AppSec_Labs

Web Security 101

Brent Shaffer

How to discover 1352 Wordpress plugin 0days in one hour (not really)

Larry Cashdollar

OAuth2 - The Swiss Army Framework

Brent Shaffer

Frans Rosén Keynote at BSides Ahmedabad

Security BSides Ahmedabad

Everybody loves html5,h4ck3rs too

Nahidul Kibria

Fun with exploits old and new

Larry Cashdollar

10 common cf server challenges

ColdFusionConference

Ten Commandments of Secure Coding

Mateusz Olejarka

Web-servers & Application Hacking

Raghav Bisht

Django (Web Applications that are Secure by Default)

Kishor Kumar

MITM Attacks on HTTPS: Another Perspective

GreenD0g

Attacking Drupal

Greg Foss

Entity provider selection confusion attacks in JAX-RS applications

Mikhail Egorov

Making Joomla Insecure - Explaining security by breaking it

Tim Plummer

Web Application Firewall: Suckseed or Succeed

Prathan Phongthiproek

Viewers also liked (6)

PPS

Accidente

josemorales

PPT

Me And My Cousins

jumpback

PPS

Suegra

fervicena

PPS

Deseos En Esta Navidad 1877

steffens

PPT

Presentation Of The Subject

pascual1

ODP

Belarus / What do we teach about our neighbours?

Accidente

Me And My Cousins

Suegra

Deseos En Esta Navidad 1877

steffens

Presentation Of The Subject

pascual1

Belarus / What do we teach about our neighbours?

neighbours.vsb.lv

Similar to Cracking into embedded devices and beyond (20)

ODP

Cracking Into Embedded Devices - HACK.LU 2K8

guest441c58b71

PDF

Embedded systems

Katy Anton

PDF

They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces

michelemanzotti

PPTX

Hacking routers as Web Hacker

HeadLightSecurity

PDF

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"

Defcon Moscow

PDF

Hacking routers as Web Hacker

Михаил Фирстов

PDF

Pentesting an unfriendly environment: bypassing (un)common defences and mate ...

Sandro Zaccarini

PDF

Pwning bsnl

Vengadanathan Srinivasan

PDF

BSNL hacks

Vengadanathan Srinivasan

PDF

Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests

📡 Sebastien Dudek

PPT

Bsides-Philly-2016-Finding-A-Companys-BreakPoint

Zack Meyers

PPTX

Pentest Expectations

Ihor Uzhvenko

PDF

0day hunting a.k.a. The story of a proper CPE test

Balazs Bucsay

PDF

0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay

Shakacon

PPT

Securing Network Access with Open Source solutions

Nick Owen

PPTX

CableTap - Wirelessly Tapping Your Home Network

Christopher Grayson

PDF

DEF CON 24 - workshop - Craig Young - brainwashing embedded systems

Felipe Prado

PDF

Wireless Hotspot: The Hackers Playground

Jim Geovedi

PPTX

Root via sms. 4G security assessment

Sergey Gordeychik

PDF

Hacking intranet websites

shehab najjar

Cracking Into Embedded Devices - HACK.LU 2K8

guest441c58b71

Embedded systems

Katy Anton

They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces

michelemanzotti

Hacking routers as Web Hacker

HeadLightSecurity

Defcon Moscow #0x0A - Mikhail Firstov "Hacking routers as Web Hacker"

Defcon Moscow

Hacking routers as Web Hacker

Михаил Фирстов

Pentesting an unfriendly environment: bypassing (un)common defences and mate ...

Sandro Zaccarini

Pwning bsnl

Vengadanathan Srinivasan

BSNL hacks

Vengadanathan Srinivasan

Security PWNing 2018 - Penthertz: The use of radio attacks during redteam tests

📡 Sebastien Dudek

Bsides-Philly-2016-Finding-A-Companys-BreakPoint

Zack Meyers

Pentest Expectations

Ihor Uzhvenko

0day hunting a.k.a. The story of a proper CPE test

Balazs Bucsay

0Day Hunting A.K.A. The Story of a Proper CPE Test by Balazs Bacsay

Shakacon

Securing Network Access with Open Source solutions

Nick Owen

CableTap - Wirelessly Tapping Your Home Network

Christopher Grayson

DEF CON 24 - workshop - Craig Young - brainwashing embedded systems

Felipe Prado

Wireless Hotspot: The Hackers Playground

Jim Geovedi

Root via sms. 4G security assessment

Sergey Gordeychik

Hacking intranet websites

shehab najjar

More from amiable_indian (20)

PDF

Phishing As Tragedy of the Commons

amiable_indian

PDF

Cisco IOS Attack & Defense - The State of the Art

amiable_indian

PDF

Secrets of Top Pentesters

amiable_indian

PPS

Workshop on Wireless Security

amiable_indian

PDF

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...

amiable_indian

PPS

Workshop on BackTrack live CD

amiable_indian

PPS

Reverse Engineering for exploit writers

amiable_indian

PPS

State of Cyber Law in India

amiable_indian

PPS

AntiSpam - Understanding the good, the bad and the ugly

amiable_indian

PPS

Reverse Engineering v/s Secure Coding

amiable_indian

PPS

Network Vulnerability Assessments: Lessons Learned

amiable_indian

PPS

Economic offenses through Credit Card Frauds Dissected

amiable_indian

PPS

Immune IT: Moving from Security to Immunity

amiable_indian

PPS

Reverse Engineering for exploit writers

amiable_indian

PPS

Hacking Client Side Insecurities

amiable_indian

PDF

Web Exploit Finder Presentation

amiable_indian

PPT

Network Security Data Visualization

amiable_indian

PPT

Enhancing Computer Security via End-to-End Communication Visualization

amiable_indian

PDF

Top Network Vulnerabilities Over Time

amiable_indian

PDF

What are the Business Security Metrics?

amiable_indian

Phishing As Tragedy of the Commons

amiable_indian

Cisco IOS Attack & Defense - The State of the Art

amiable_indian

Secrets of Top Pentesters

amiable_indian

Workshop on Wireless Security

amiable_indian

Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...

amiable_indian

Workshop on BackTrack live CD

amiable_indian

Reverse Engineering for exploit writers

amiable_indian

State of Cyber Law in India

amiable_indian

AntiSpam - Understanding the good, the bad and the ugly

amiable_indian

Reverse Engineering v/s Secure Coding

amiable_indian

Network Vulnerability Assessments: Lessons Learned

amiable_indian

Economic offenses through Credit Card Frauds Dissected

amiable_indian

Immune IT: Moving from Security to Immunity

amiable_indian

Reverse Engineering for exploit writers

amiable_indian

Hacking Client Side Insecurities

amiable_indian

Web Exploit Finder Presentation

amiable_indian

Network Security Data Visualization

amiable_indian

Enhancing Computer Security via End-to-End Communication Visualization

amiable_indian

Top Network Vulnerabilities Over Time

amiable_indian

What are the Business Security Metrics?

amiable_indian

Recently uploaded (20)

PDF

Dropbox Q2 2025 Financial Results & Investor Presentation

Dropbox

PPTX

sap open course for s4hana steps from ECC to s4

sreeni2106invites

DOCX

The AUB Centre for AI in Media Proposal.docx

GAONE9

PDF

Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton

Julien SIMON

PDF

cuic standard and advanced reporting.pdf

SimoneTitaniumTomase

PDF

Blue Purple Modern Animated Computer Science Presentation.pdf.pdf

Akar16

PPTX

ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx

23bcla24

PDF

Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...

Peter Tan

PDF

Advanced methodologies resolving dimensionality complications for autism neur...

IAESIJAI

PDF

The Rise and Fall of 3GPP – Time for a Sabbatical?

3G4G

PPTX

Understanding_Digital_Forensics_Presentation.pptx

ImranKhan423233

PPTX

VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx

blackmambaettijean

PPTX

Cloud computing and distributed systems.

kkkkkhan

PDF

NewMind AI Weekly Chronicles - August'25 Week I

NewMind AI

PDF

Mobile App Security Testing_ A Comprehensive Guide.pdf

flufftailshop

PDF

Chapter 3 Spatial Domain Image Processing.pdf

Getnet Tigabie Askale -(GM)

PPT

Teaching material agriculture food technology

LiaRayya

PDF

Spectral efficient network and resource selection model in 5G networks

IAESIJAI

PPTX

KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx

muhammadmuneebnaeem7

PDF

Build a system with the filesystem maintained by OSTree @ COSCUP 2025

Jian-Hong Pan

Dropbox Q2 2025 Financial Results & Investor Presentation

Dropbox

sap open course for s4hana steps from ECC to s4

sreeni2106invites

The AUB Centre for AI in Media Proposal.docx

GAONE9

Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton

Julien SIMON

cuic standard and advanced reporting.pdf

SimoneTitaniumTomase

Blue Purple Modern Animated Computer Science Presentation.pdf.pdf

Akar16

ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx

23bcla24

Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...

Peter Tan

Advanced methodologies resolving dimensionality complications for autism neur...

IAESIJAI

The Rise and Fall of 3GPP – Time for a Sabbatical?

3G4G

Understanding_Digital_Forensics_Presentation.pptx

ImranKhan423233

VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx

blackmambaettijean

Cloud computing and distributed systems.

kkkkkhan

NewMind AI Weekly Chronicles - August'25 Week I

NewMind AI

Mobile App Security Testing_ A Comprehensive Guide.pdf

flufftailshop

Chapter 3 Spatial Domain Image Processing.pdf

Getnet Tigabie Askale -(GM)

Teaching material agriculture food technology

LiaRayya

Spectral efficient network and resource selection model in 5G networks

IAESIJAI

KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx

muhammadmuneebnaeem7

Build a system with the filesystem maintained by OSTree @ COSCUP 2025

Jian-Hong Pan