Sean Pesce's Research Blog
Thursday, September 19, 2024
Exploiting Android Client WebViews with Help from HSTS
Monday, May 20, 2024
[CVE-2024-22243] URL Parsing Vulnerability in Spring Framework
TL;DR
Tuesday, November 7, 2023
AWS IoT Core: A Compromised Device Perspective
TL;DR
Friday, May 26, 2023
Bypassing SELinux with init_module
TL;DR
Thursday, March 9, 2023
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
TL;DR
Friday, November 4, 2022
[CVE-2022-45028] Unauthenticated Stored XSS in the Arris NVG443B
Update: I reported this vulnerability to MITRE on November 4th, 2022. It has been assigned CVE-2022-45028 with a CVSS score of 6.1 (Medium).
Tuesday, October 25, 2022
Adding Support for a Flash Chip in FlashcatUSB
Flash Programmers for Dumping Firmware
Black-box IoT device hacking can be frustrating without any insight into the underlying software implementation(s). For this reason, I usually try to obtain a copy of the device firmware to extract the bootloader, kernel, root filesystem, and any other information that might inform run-time testing and targeted reverse engineering. Unfortunately, device vendors don't always provide access to firmware packages, and even when they do, the firmware blobs can be encrypted or obfuscated in a way that makes them useless without knowledge of the packaging format. Luckily, there's another way to obtain device firmware: you can try to dump it directly from device storage (generally a dedicated flash chip).