Hackers of India

Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing

By Kaustubh Padwad on 07 Oct 2020 @ Rootcon
πŸ“Š Presentation πŸ“Ή Video πŸ”— Link
#red-teaming #security-assessment #reverse-engineering
Focus Areas: 🦠 Malware Analysis , 🎯 Penetration Testing , πŸ” Vulnerability Management

Presentation Material

Abstract

The world is moving towards smart culture everything nowadays is smart, and mostly all are those smart devices are basically embedded devices with internet connectivity or some provision to connect with the internet. Since these devices are booming in market this also tempting lots of people/groups for hacking.

In this 1 hour talk we will discuss how to test the embedded/IoT devices, it would give you a methodology for assessment, how to perform firmware analysis, identifying vulnerable components, basic approach for reverse engineering the binaries to discover potential remote code execution, memory corruption vulnerabilities by looking for native vulnerable functions in C or bad implementation of functions like System, popen, pclose etc.

After conducting static analysis,firmware analysis we will move towards dynamic testing approch which include web application testing, Underlying OS security testing, identifying vulnerabilities and misconfiguration in device. At last we will move towards fuzzing the device via web application parameters and installing aproppriate debugger on device to identify memory corruption vulnerabilities.

AI Generated Summary

Based on the provided transcript, it is not possible to generate a clear, concise, and factual summary as requested. The text is a highly garbled, incoherent mixture of Hindi and English phrases, nonsensical strings, promotional language (“subscribe”), and disjointed fragments that do not form a logical or technical presentation on a specific security research topic.

There are no discernible:

  • A defined main research topic or problem statement.
  • Key findings, techniques, or tools presented with any technical detail or clarity.
  • Practical implications or takeaways that can be extracted reliably.

The content appears to be either a severely corrupted audio transcription, heavily obfuscated, or not a legitimate technical conference talk transcript. Therefore, a summary meeting the specified criteria (factual, technical, 150-300 words, third person past tense) cannot be produced from this input.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview β€” always refer to the original talk for authoritative content. Learn more about our AI experiments.