IoT

PULLING MIKROTIK INTO THE LIMELIGHT

So, you want to start reverse engineering MikroTik routers. Where do you start? As opposed to many routers which act more as a collection of indepe...

CVE-2022-23088: EXPLOITING A HEAP OVERFLOW IN THE FREEBSD WI-FI STACK

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitr...

Router security in 2021

Authors: Maria Namestnikova. A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Route...

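Bluetooth signals can be used to track smartphones

Researchers have found for the first time that Bluetooth signals can serve as a fingerprint for tracking smartphones. Mobile devices such as smartphones, smartwatches and fitness bands routinely transmit signals at a rate of 500 Bluetooth beacons per minute. These beacons can...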

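Vulnerability hunting in rack-mounted devices

0x01 Introduction: The core of IoT device vulnerability hunting is really getting hold of the "software" running inside the hardware device, after which it becomes ordinary software vulnerability hunting. What remains is the usual vulnerability hunting procedure, just as in software vulnerability hunting...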

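USG310 4.70 firmware decryption analysis

0x01 Preface: On the analysis of decrypting and extracting Zyxel firmware, this recent article gave me a very good idea; anyone interested can take a look. Article link: https://security.humanativaspa.it/zy...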

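Introduction to and Practice of IoT Endpoint Security: Getting Hands-On with IoT Firmware (Part 1)

In the previous article, we covered the basic concepts of the Internet of Things and, taking IoT endpoints as the entry point, introduced the hardware and firmware of IoT devices. Next, the author will introduce firmware acquisition for IoT endpoint devices...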

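How to obtain the Telnet password of the Tenda AX18 series

0x10 Preface: To debug an overflow vulnerability you definitely need a shell; without a shell and without monitoring, there is no way to fuzz for overflows. 0x20 Analysis: As is well known, Tenda routers can use the goform/telnet interface to...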

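H3C magicR100 is exposed to unauthenticated RCE attacks

Vulnerability description: The /AJAX/ajaxget interface can be accessed without authorization; combining ajaxmsg with function names makes it possible to call them and read some sensitive information. A closer examination of the information leak found that it can leak management data...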

NetUSB exploitation part 1: Setting up the environment

In Pwn2Own Austin 2021, we also exploited TP-Link Archer C7 and Netgear R6700v3 routers. This is the first part of how we attacked the NetUSB kerne...