This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   In this post I will show how I debugged an application with gdb remotely. The application can be debugged on the IoT device. In this case the gdb should be installed…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   In this post I show you how I used the HackRF to capture a remote controller signal of a smart plug and used the captured signal for a replay attack. Replay…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   In this post I will show how I connected to the MIPS Creator Ci40 with Bus Blaster V3c via JTAG. The MIPS Creator Ci40 board has a MIPS EJTAG interface. I…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   The most interesting part of the Offensive IoT Exploitation course was the JTAG part. I did not have any device with JTAG capabilities, so I bought a MIPS Creator Ci40 IoT…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   I examined a smart light bulb which can be controlled via Bluetooth Low Energy. After I installed the device and installed and configured the mobile phone application of the smart bulb,…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   My web camera can be used with MyDLink Lite android application. It can search web cameras on local network, but it can also connect to a cloud service and display a registered…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   During the Offensive IoT Exploitation course I learned the basics of writing buffer overflow exploits on ARM and MIPS architecture. I also learned how to debug and analyze applications on those…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   On the back of my TP-Link router I found some information regarding the device including the default WPS PIN number and SSID. WPS is a fast way of connecting wifi devices…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   In my previous post, I examined the firmware of a mydlink web camera with the binwalk tool. In this post I continue the examination of the IoT device with dynamic analysis. I configured…

This blog post has been created for completing the requirements of the SecurityTube Offensive Internet of Things course. http://www.securitytube-training.com/online-courses/offensive-internet-of-things- exploitation/index.html Student ID: IoTE-728   In this post I am going to create a backdoored firmware. I am going to use the firmware of my TP-Link WR841n v11 router. The original firmware can be downloaded from here….