Adrian ‘pagvac’ Pastor (ProCheckUp Ltd. / GNUCITIZEN)
Presentation Title: Cracking into Embedded Devices and Beyond!
Presentation Details
This is the updated version of my presentation given at HITBSecConf Dubai and CONFidence Krakow this year. Vulnerability details for several 0days will be released during this presentation for the first time. Needless to say, demos will also be shown, as the author of the presentation doesn’t believe in research presentations without live attacks!
The presentation covers cracking into embedded devices by exploiting vulnerabilities present in the default software running on the target device, with a focus on vulnerabilities that can be exploited *remotely*.
Personal discoveries will be covered, including vulnerabilities found in home/SOHO devices and also corporate appliances. Some interesting vulnerabilities found on embedded devices by other peers such as Kevin Devine will also be explained.
The types of vulnerabilities discussed include, but are not limited to:
UPnP and HTTP CSRF
VoIP call jacking
SNMP injection
Phishing via Dynamic DNS poisoning
Prediction of default WEP/WPA encryption keys
Universal XSS against users “protected” by firewalls
Password leaks over SNMP
Insecure default SNMP settings
Authentication bypass
Privilege escalation
Persistent HTML injection on admin consoles
Not only will *real attacks* be explored, but also the *consequences* of cracking into embedded devices. How nasty can it get after an embedded device has been exploited? How far does the rabbit hole go?
About Adrian
Adrian “pagvac” Pastor, BSc (Hons) Computer-aided Engineering, has contributed to the IT security community for several years, although he has been involved with the hacker/security scene as a hobbyist since an early age. He has authored several papers, numerous vulnerability advisories and has spoken at events such as HITBSecConf Dubai, CONFidence Krakow, OWASP London chapter and Defcon DC4420. Adrian is perhaps best known for finding critical vulnerabilities on the BT Home Hub, the most popular Wi-Fi home/SOHO router in the UK.
Adrian’s work has been featured in established media outlets such as BBC Radio 1, The Washington Post, Wired, Slashdot, PC Pro, The Register, PC World, CNET and many others. He currently works as a Senior White-hat Hacker specialized in vulnerability research, penetration testing, cutting edge security training, and finding simple solutions to complex problems.