A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


 SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. - Jacob Holcomb Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

SO Hopelessly Broken: the implications of pervasive vulnerabilities in SOHO router products. - Jacob Holcomb
Derbycon 2013

Description: “ISE discovered and identified NEW critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. Our research is directed at identifying the ubiquity and criticality of vulnerabilities in these devices. We initially evaluated 13 off-the-shelf routers, and demonstrated that 11 of 13 were exploitable by a remote adversary—and that all 13 were exploitable by a local adversary on the (W)LAN and Guest (W)LAN. The critical vulnerabilities that persist in this class of devices expose an urgent need for deeper security scrutiny. Our attacks demonstrate varying levels of criticality from unauthenticated router take over, to authenticated takeover that requires minimal participation from users. We will demonstrate a great magnitude of root vulnerabilities ISE discovered during the analysis of SOHO router network services and further breakdown the anatomy of exploitation. Attacks include Buffer Overflows, Cross-Site Request Forgery, Command Injection, Directory Traversal, Authentication Bypass, Backdoors and more! The primary focus of this presentation will be full router compromise by an adversary and its implications, but we will also discuss the evolution of SOHO device functionality, and how the SOHO industry’s lack of attention to security has left millions of networks vulnerable to exploitation. Attendees should leave this presentation with increased awareness of SOHO router security and understand how to find and exploit various vulnerabilities found in SOHO network equipment. DEMONSTRATION: We will demonstrate several root exploits and discuss the obstacles we had to overcome in order to achieve the glorious # shell!”

Bio: “Jacob Holcomb – OSCP, CEH: Residing in Baltimore, MD, Jacob works as a Security Analyst for Independent Security Evaluators. At ISE, Jacob works on projects that involve penetration testing, application security, network security, and exploit research and development. In addition to work related projects, python coding, and his favorite pastime of EIP hunting, Jacob loves to hack his way through the interwebz and has responsibly disclosed several 0-day vulnerabilities in commercial products. Blog: http://infosec42.blogspot.com LinkedIn: http://www.linkedin.com/in/infosec42 Twitter: @rootHak42″

Back to Derbycon 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast