Lucene search

40 matches found

Pen Test Partners Blog
added 2022/09/28 5:28 a.m., 20 views

Attacking Encrypted HTTP Communications

TL;DR The Reolink RLC-520A PoE camera obfuscates its HTTP communication by encrypting the POST body data. This level of security does defend against opportunistic attackers but falls short when defending against persistent attackers. Introduction Different embedded devices have their own take on...

AI score: 7.6
Exploits: 0
CNNVD
added 2022/01/27 12:0 a.m., 3 views

Cesanta MJS Security Vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00614
Exploits: 1, References: 2
CNVD
added 2021/11/11 12:0 a.m., 32 views

Multiple Siemens products with integer underflow vulnerability

Capital VSTAR is a complete solution. The Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. The Nucleus RTOS is a microkernel-based real-time operating...

CVSS: 9.1, AI score: 3.7, EPSS: 0.02424
Exploits: 0, References: 1
Gitee
added 2021/07/26 4:14 p.m., 3 views

Awesome-Red-Teaming

This is an offensive tool for Red Teaming. It is a list of resources for anyone wishing to learn about Red Teaming, including initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, command and contro...

AI score: 7.1
Exploits: 0
The Hacker News
added 2021/06/03 11:54 a.m., 102 views

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module

A new set of critical vulnerabilities has been disclosed in the Realtek RTL8170C Wi-Fi module that an adversary could abuse to gain elevated privileges on a device and hijack wireless communications. "Successful exploitation would lead to complete control of the Wi-Fi module and potential root...

CVSS: 8, AI score: 1.3, EPSS: 0.02009
Exploits: 3
Talos
added 2021/04/15 12:0 a.m., 75 views

Cosori Smart 5.8-Quart Air Fryer CS158-AF configuration server code execution vulnerability

Summary An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Tested Versions Cosori Smart...

CVSS: 8.1, AI score: 8.6, EPSS: 0.01875
Exploits: 1
FireEye
added 2021/02/17 12:0 a.m., 228 views

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allow for remote code execution as a privileged user. Specifically, Mandiant’s research focused on SolarCity’s (now owned by Tesla) rebranded ConnectPort X2e device...

CVSS: 7.2, AI score: 8.6, EPSS: 0.01165
Exploits: 2, References: 21
Pen Test Partners Blog
added 2019/11/29 1:26 p.m., 89 views

Embedded device research. The tools you’ll need

Over the last couple of years, we’ve run many courses on embedded device security. The focus is often defensive, but all the courses have an aspect of offensive: hacking demonstration and real devices so that you can understand the mindset of an attacker. To hack devices, you need tools. And the...

AI score: 7.3
Exploits: 0
Kitploit
added 2019/09/25 12:0 p.m., 211 views

Firmware Analysis Toolkit - Toolkit To Emulate Firmware And Analyse It For Security Vulnerabilities

FAT is a toolkit built to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. It is built for use in the "Offensive IoT Exploitation" training conducted by Attify. Download AttifyOS Note: As of now, it is simply a script to...

AI score: 7.3
Exploits: 0, References: 7
Tenable Nessus
added 2019/05/21 12:0 a.m., 12 views

Lantronix XPort Embedded Serial to Ethernet Device Server Detection

Binary data 279.prm...

AI score: 7.3
Exploits: 0
Kitploit
added 2019/02/17 12:45 p.m., 173 views

TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators

TROMMEL sifts through embedded device files to identify potential vulnerable indicators. TROMMEL identifies the following indicators related to: Secure Shell (SSH) key files, Secure Socket Layer (SSL) key files, Internet Protocol (IP) addresses, Uniform Resource Locator (URL), email addresses, shell scripts, w...

AI score: 7
Exploits: 0, References: 2
Citrix
added 2018/09/20 12:0 a.m., 11 views

Citrix HDX Engine is not responding

Error "Citrix HDX engine is not Responding" when launching an application on a Windows embedded device with Receiver 4.8/4.10...

AI score: 7.1
Exploits: 0
Talos
added 2017/11/20 12:0 a.m., 68 views

Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability

Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker-controlled values. An attacker needs to send a DNS packet to trigger this...

CVSS: 10, AI score: 8.6, EPSS: 0.01943
Exploits: 3
myhack58
added 2017/06/21 12:0 a.m., 95 views

TP-Link WR841N router arbitrary code execution vulnerability analysis

1. Foreword. Recently, we discovered two vulnerabilities in the TP-Link WR841N V8 router. Using these two vulnerabilities, we can execute our custom code on this router. After friendly consultations with the manufacturer, they in the new router firmware fixes...

EPSS: 0.00488
Exploits: 2
seebug.org
added 2017/04/02 12:0 a.m., 92 views

ASUS B1M projector remote commands execution Vulnerability

We recently obtained an ASUS B1M projector and have been exploring its capabilities when we discovered trivial-to-exploit vulnerabilities. The ASUS B1M features a small Wi-Fi adapter for a direct wireless connection to a notebook PC, or Android and iOS devices. The projector comes with an embedde...

AI score: 7.6
Exploits: 0
CNVD
added 2016/12/12 12:0 a.m., 2 views

Moxa MiiNePort Session Hijacking Vulnerability

Moxa MiiNePort is an embedded device networking module from Moxa designed for manufacturers to connect serial devices to a network connection. A security vulnerability exists in Moxa MiiNePort. An attacker could use this vulnerability to brute-force decode session cookies and download configurati...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01633
Exploits: 0, References: 1
Tenable Nessus
added 2016/08/30 12:0 a.m., 57 views

MiniUPnP DNS Rebind Vulnerability

The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a...

AI score: 5.6
Exploits: 0, References: 1
The Hacker News
added 2013/10/14 2:7 p.m., 7 views

Unauthorized Access Backdoor found in D-Link router Firmware Code

A number of D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access. The researcher Craig, who specializes in embedded device hacking, demonstrated the presence of a backdoor within some D-Link routers that allows an attacker to access the administratio...

AI score: 7.1
Exploits: 0
ThreatPost
added 2013/09/30 2:4 p.m., 11 views

HD Moore, Project Sonar Crowdsources Vulnerability Analysis

The state of embedded device security is poor, and there hasn’t been much in the way of discussion to the contrary. It’s well established that vendors skimp on security, selling, for example, routers and other networking gear protected only by default passwords, or other critical devices engineere...

Exploits: 0, References: 7
OpenVAS
added 2005/11/03 12:0 a.m., 154 views

Telnet Banner Reporting

This script reports the received banner of a Telnet service. SPDX-FileCopyrightText: 2005 SecuriTeam SPDX-FileCopyrightText: Reworked, improved and extended detection code and pattern since 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C...

AI score: 5.4
Exploits: 0