Category: IoT

Offensive IoT Exploitation Exam – Remote debugging with MIPS Creator Ci40

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things-exploitation/index.html Student ID: IoTE-728 In this post I will show how I debugged an application with gdb remotely. The application can be debugged on the IoT device. In this case the gdb should be installed…


Offensive IoT Exploitation Exam – Replay attack with HackRF

In this post I show you how I used the HackRF to capture a remote controller signal of a smart plug and used the captured signal for a replay attack. Replay…


Offensive IoT Exploitation Exam – JTAG on MIPS Creator Ci40

In this post I will show how I connected to the MIPS Creator Ci40 with Bus Blaster V3c via JTAG. The MIPS Creator Ci40 board has a MIPS EJTAG interface. I…


Offensive IoT Exploitation Exam – Determine JTAG pinout with Arduino

The most interesting part of the Offensive IoT Exploitation course was the JTAG part. I did not have any device with JTAG capabilities, so I bought a MIPS Creator Ci40 IoT…


Offensive IoT Exploitation Exam – Sniffing BLE traffic with Adafruit

I examined a smart light bulb which can be controlled via Bluetooth Low Energy. After I installed the device and installed and configured the mobile phone application of the smart bulb,…


Offensive IoT Exploitation Exam – Analysis of the Android app of the mydlink web camera

My web camera can be used with the MyDLink Lite Android application. It can search for web cameras on the local network, but it can also connect to a cloud service and display a registered…


Offensive IoT Exploitation Exam – Format string vulnerability on ARM architecture

During the Offensive IoT Exploitation course I learned the basics of writing buffer overflow exploits on ARM and MIPS architectures. I also learned how to debug and analyze applications on those…


Offensive IoT Exploitation Exam – WPS on TP-Link WR841n v11

On the back of my TP-Link router I found some information regarding the device including the default WPS PIN number and SSID. WPS is a fast way of connecting Wi-Fi devices…


Offensive IoT Exploitation Exam – Dynamic analysis of a mydlink web camera

In my previous post, I examined the firmware of a mydlink web camera with the binwalk tool. In this post I continue the examination of the IoT device with dynamic analysis. I configured…


Offensive IoT Exploitation Exam – Backdooring a firmware

In this post I am going to create a backdoored firmware. I am going to use the firmware of my TP-Link WR841n v11 router. The original firmware can be downloaded from here…