Brainwashing Embedded Systems - Octavius 15/16

Brainwashing Embedded Systems - Octavius 15/16

Actions and Detail Panel

Sales Ended

Date and time


Caesars Palace

Paradise, NV 89109

View map


Brainwashing Embedded Systems

Instructor - Craig Young, Lane Thames, Jiva

Pre-Requisites - Intermediate *nix knowledge; proficiency with a shell (including writing BASH or similar scripts); strong understanding of HTTP. Familiarity with tools for working with HTTP is a big plus (i.e. cURL, Burp, urllib, etc)

Abstract - Learning the secret incantations to make embedded systems carry out your will is not as hard as one might think. In the world of IoT, the hardened system is rare and most times a firmware image is more than enough to find and exploit weakness. This session explains in detail a process for going from zero-knowledge to zero-day on real-world devices without breaking a sweat. Attendees to this tutorial session will learn the ropes of firmware dissection, app decompilation, and manual fuzz testing in a hands-on hack lab. Participants will be provided with a customized Kali Linux virtual appliance and given access to several consumer devices for analysis. These techniques have been successfully employed by the author to identify over 100 CVEs on embedded/IoT devices as well as to win the 0-day and CTF tracks in the DEF CON 22 SOHOpelessly Broken router hacking competition.

Required materials - Nothing is required but in order to make the most out of the workshop, students will want to have a laptop with an 802.11 adapter and virtualization software capable of running an x86_64 virtual machine from an OVA/OVF (e.g. VirtualBox or VMWare). Virtual machine files will be made available for download from the Internet before the workshop and it is best for participants to load the content in advance. The material will also be available on USB and a local file server.

Save This Event

Event Saved