5 matches found
Root Access for Data Control: A DEF CON IoT Village Story
Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In our previous posts, we covered how to achieve access to flash memory, how to extract file system data from the device, and how to modify the data we've extracted. In this post, we'll cover how to gain root access...
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 was back this year at DEF CON 30 participating at the IoT Village with another hands-on hardware hacking exercise, with the goal of teaching attendees' various concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics,...
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1
This year, Rapid7 participated at the IoT Village during DefCon29 by running a hands-on hardware hacking exercise, with the goal of exposing attendees to concepts and methods for IoT hacking. Over the years, these exercises have covered several different embedded device topics, including how to u...
SNMP Incorrect Access Control Vulnerability (CVE 2017-5135) (StringBleed)
In DEFCON 24 IoT Village i gave a talk about the danger of SNMP write properties enabled devices in the IoT, police patrols, ambulances and other in the “critical mission vehicles” were affected in that research. In December 2016 with a colleague from Argentina Ezequiel Fernandez we decided to...