filmov
tv
BSidesTO 2014 - Batch Firmware Analysis - Jeremy Richards
Показать описание
Jeremy says:
Finding vulns in firmware is like shooting fish in a barrel. Watch as layers of obfuscation are peeled away with binwalk and the juicy squash-fs file systems, MIPS binaries and source is used bug hunt like its 1997. Laugh with me as we analyze injection, overflow, and disclosure bugs on routers, NAS, and other devices.
These vulns are easy to understand, incredibly powerful and sit on embedded systems. Firmware is rarely updated unless the user is having a problem making this a persistent problem. Bonus fun is analyzing extracted MIPS-ELF binaries in IDA Pro and performing remote GDB with qemu-mipsel-static if there is time.
Finding vulns in firmware is like shooting fish in a barrel. Watch as layers of obfuscation are peeled away with binwalk and the juicy squash-fs file systems, MIPS binaries and source is used bug hunt like its 1997. Laugh with me as we analyze injection, overflow, and disclosure bugs on routers, NAS, and other devices.
These vulns are easy to understand, incredibly powerful and sit on embedded systems. Firmware is rarely updated unless the user is having a problem making this a persistent problem. Bonus fun is analyzing extracted MIPS-ELF binaries in IDA Pro and performing remote GDB with qemu-mipsel-static if there is time.
0:32:02
0:32:03
0:24:45
0:27:38
0:25:01
0:19:32
0:26:51
0:20:06
0:26:44
0:27:56
0:23:19
0:49:31
0:46:55
0:32:12
0:33:19
0:51:37