[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Keynote Videos Now Available for Download

Day 1 Keynote: Bruce Schneier - Schneier on Security
Day 2 Keynote: Jeremiah Grossman - Hacks Happen

Adrian ‘pagvac’ Pastor (ProCheckUp Ltd. / GNUCITIZEN)

Filed under: Main Page — Administrator @ 9:16 pm

Presentation Title: Cracking into Embedded Devices and Beyond!
Presentation Details

The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device.

Most of the vulnerabilities discussed are web bugs that can be exploited remotely. The reason for focusing on such type of flaws, is because I’ve personally had several successful experiences discovering important/critical vulnerabilities. Additionally, the presentation is focused on vulnerabilities that can be exploited remotely.

Some of my personal discoveries will be covered, including vulnerabilities found on Axis IP cameras, Belkin “belkin54g” family of routers, BT Home Hub wireless routers (Thomson/Alcatel Speedtouch 7G), BT Voyager 2091, 3COM APXXXX Dual Radio 11a/b/g Access Point, and Linksys Wireless-G ADSL Gateway (WAG54GS). Some interesting vulnerabilities found on embedded devices by other peers will also be explained.

Not only *real attacks* will be explored, but also the *consequences* of cracking into embedded devices. How nasty can it get after an embedded device has been exploited? How far does the rabbit hole go?

In the case of routers, scenarios include eavesdropping the victim(s)’ Internet connection, controlling the traffic flow, stealing services such as TV streaming and VoIP. In the case of miscellaneous devices such as IP cameras scenarios include replacing the surveillance video stream, and one of my favorites: using the device as a stepping stone to penetrate into the corporate network after the device as been compromised from an attack originated from the Internet.

Classic attacks against embedded devices will also be discussed, although this will be a minor portion of the presentation. Finally, possibilities of exploiting FON, a community-shared Wi-Fi network will be discussed.

About Adrian

Adrian ‘pagvac’ Pastor, BSc (Hons) Computer Engineering, has been part of the security community for about four years, although he has been interested in the hacker culture since an early age. He currently works as a senior pentester and security researcher for ProCheckUp (www.procheckup.com), a leading independent specialist security organization based in London, UK. Additionally, Adrian is an active security researcher at GNUCITIZEN (www.gnucitizen.org), a renowned white-hat hacker think tank where he enjoys breaking things and publishing his findings.

Adrian is currently interested in topics such as web security, eavesdropping techniques, magstripes, and embedded devices. His research has been featured in established magazines and information portals such as BBC, The Washington Post, Wired, Slashdot, PC Pro, The Register, PC World, CNET and many others.



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Event Partner


SCANIT ME LLC


OGER SYSTEMS

Supported & Endorsed By


UAE Telecommunications Regulatory Authority (TRA)


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)


ArgenISS

Gold Sponsors


Google


Microsoft Corporation

Official Media Partner (Magazine)


Network Middle East


Arabian Computer News


ITP Business

Official Airline Partner


Emirates Airlines

Our Speakers are Supported By


Bellua Asia Pacific

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations



CONFidence


ISECOM - Insititue for Security and Open Methodologies


ISACA Malaysia


IT Underground


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore


Syscan