Hardware Reversing to find UART and shell

October 31, 2019

I’ve (finally) posted the follow up to my last video! In this one we’re dipping a toe into hardware reversing by finding a UART (serial port) and using it to get shell access on a 931-L. If you’ve never done anything with hardware this is a great place to start, or at least get some initial exposure to the concept.

Read More

Reversing Firmware- How does that work?

March 8, 2017

Last week I wrote about a backdoor vulnerability in a device used by spammers. The team at Spider Labs discovered it by reverse engineering a piece of firmware. If you’ve never seen anything like that before, here’s a quick walk-through that’ll take a piece of firmware from a binary file to an extracted file system you can explore on your own. Let’s get started!

Read More

Backdoor Vulnerability in Gateway Used by Spammers

March 3, 2017

I’m not sure whether to laugh or cry about this one. Trustwave’s SpiderLabs just blogged about an unpublished backdoor they found in a device used to send SMS spam. It’s called a GSM VoIP Gateway (GoIP) and it looks like this:

Read More

My RSA talk about IoT security is up!

February 16, 2017

They posted the video up there- the main page for the talk is here. I had a great crowd of folks there, and of course, it never hurts to hand out 30+ lbs. of candy before you on stage either…

Read More