Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Attacking an Embedded Device- 110

Independent Security Evaluators Posted 6 Years Ago
  • One of my favorite companies, especially because of the great research they do! ISE also runs IoT Village at DEF CON.
  • Good quote from the article: "When testing for OS command injection, I typically start with functionality that needs to interact with the operating system. This means that I will prioritize functionality that allows the owner to ping devices, enable/configure other services, or read/write files. Using this methodology we identified a ton of vulns".
  • When dealing with embedded devices that have to deal with the operating system, there are a plethora of attack vectors!
  • Beyond finding the command injection, ISE typically tries to make it exploitable without authentication. To do so, Rick Ramgattie wanted to use a CSRF (cross-site request forgery) vulnerability. Although this requires some user interaction, it is still a very valid attack vector. However, a value stored in local storage made this attack impossible.
  • So, Rick found an XSS (cross-site scripting) vulnerability and used it to trigger the command injection with the local storage value. I thought the methodology for finding the XSS was interesting: "When I test for reflected XSS I go through my sitemap and look for all requests that have parameters that end up in the server’s response. Then, I manually go through each of the requests in that subset and look for requests that end up in the server’s response without modification".
  • Overall, this was a really good article with great insights! Well worth the read!