Sean Pesce's Research Blog
Tuesday, November 7, 2023
AWS IoT Core: A Compromised Device Perspective
Friday, May 26, 2023
Bypassing SELinux with init_module
TL;DR
Thursday, March 9, 2023
Leveraging ssh-keygen for Arbitrary Execution (and Privilege Escalation)
TL;DR
Friday, November 4, 2022
[CVE-2022-45028] Unauthenticated Stored XSS in the Arris NVG443B
Update: I reported this vulnerability to MITRE on November 4th, 2022. It has been assigned CVE-2022-45028 with a CVSS score of 6.1 (Medium).
Tuesday, October 25, 2022
Adding Support for a Flash Chip in FlashcatUSB
Flash Programmers for Dumping Firmware
Black-box IoT device hacking can be frustrating without any insight into the underlying software implementation(s). For this reason, I usually try to obtain a copy of the device firmware so I can extract the bootloader, kernel, root filesystem, and any other information that might inform run-time testing and targeted reverse engineering. Unfortunately, device vendors don't always provide access to firmware packages, and even when they do, the firmware blobs can be encrypted or obfuscated in a way that makes them useless without knowledge of the packaging format. Luckily there's another way to obtain device firmware: you can try to dump it directly from device storage (generally a dedicated flash chip).
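Once a raw flash dump is in hand, the first job is locating the bootloader, kernel and root filesystem inside it. The scanner below is an added example (not code from this post or from the FlashcatUSB project) showing how that carving is typically done: it searches the dump for a few well-known markers (a "U-Boot" banner string, the legacy U-Boot uImage header magic, and the SquashFS superblock magic), validates each candidate by parsing its header (checking the uImage header CRC and the SquashFS block-size/version fields) so that random byte coincidences are rejected, and reports the offsets. The sample image it scans is constructed inline; the partition layout, image name and field values in it are made up for the example.

```python
import struct
import zlib

UIMAGE_MAGIC = b"\x27\x05\x19\x56"   # legacy U-Boot image header, big-endian 0x27051956
SQUASHFS_LE_MAGIC = b"hsqs"          # SquashFS superblock, little-endian
SQUASHFS_BE_MAGIC = b"sqsh"          # SquashFS superblock, big-endian


def parse_uboot_banner(data, off):
    """Return the printable version string starting at a 'U-Boot' marker, else None."""
    end = data.find(b"\x00", off, off + 64)
    text = data[off:end if end != -1 else off + 64]
    if not all(0x20 <= b < 0x7F for b in text):
        return None
    return {"type": "U-Boot string", "offset": off, "text": text.decode()}


def parse_uimage(data, off):
    """Parse a 64-byte legacy uImage header; reject it if the header CRC does not verify."""
    hdr = data[off:off + 64]
    if len(hdr) < 64:
        return None
    (_magic, hcrc, _ts, size, load, entry, _dcrc,
     _os, _arch, _typ, _comp, name) = struct.unpack(">7I4B32s", hdr)
    # The header CRC is computed over the header with the CRC field itself zeroed.
    zeroed = hdr[:4] + b"\x00" * 4 + hdr[8:]
    if (zlib.crc32(zeroed) & 0xFFFFFFFF) != hcrc:
        return None
    return {"type": "uImage", "offset": off, "size": size, "load": load,
            "entry": entry, "name": name.rstrip(b"\x00").decode(errors="replace")}


def parse_squashfs(data, off):
    """Parse a SquashFS 4.x superblock; reject it if block_size/block_log/version disagree."""
    sb = data[off:off + 96]
    if len(sb) < 96:
        return None
    e = "<" if sb[:4] == SQUASHFS_LE_MAGIC else ">"
    (_magic, inodes, _mtime, block_size, _frags, comp, block_log,
     _flags, _ids, vmajor, vminor) = struct.unpack(e + "5I6H", sb[:32])
    bytes_used, = struct.unpack(e + "Q", sb[40:48])
    if vmajor != 4 or block_size != (1 << block_log):
        return None
    return {"type": "SquashFS", "offset": off, "version": f"{vmajor}.{vminor}",
            "inodes": inodes, "compression_id": comp, "bytes_used": bytes_used}


def scan_dump(data):
    """Find every validated marker in a raw flash dump, sorted by offset."""
    probes = ((b"U-Boot", parse_uboot_banner), (UIMAGE_MAGIC, parse_uimage),
              (SQUASHFS_LE_MAGIC, parse_squashfs), (SQUASHFS_BE_MAGIC, parse_squashfs))
    hits = []
    for marker, handler in probes:
        off = data.find(marker)
        while off != -1:
            rec = handler(data, off)
            if rec:
                hits.append(rec)
            off = data.find(marker, off + 1)
    hits.sort(key=lambda r: r["offset"])
    return hits


def build_sample_image():
    """Constructed 384 KiB dump: erased-flash 0xFF fill, a bootloader banner, a uImage, a SquashFS superblock."""
    img = bytearray(b"\xFF" * 0x60000)
    img[0:0x40] = b"U-Boot 2020.01 (constructed)\x00".ljust(0x40, b"\x00")
    kernel = b"\x00" * 0x400                      # placeholder kernel payload
    hdr = struct.pack(">7I4B32s", 0x27051956, 0, 0, len(kernel), 0x80008000, 0x80008000,
                      zlib.crc32(kernel) & 0xFFFFFFFF, 5, 7, 2, 3, b"Linux (constructed)")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr) & 0xFFFFFFFF) + hdr[8:]
    img[0x20000:0x20000 + len(hdr) + len(kernel)] = hdr + kernel
    sb = struct.pack("<5I6H", 0x73717368, 42, 0, 131072, 0, 1, 17, 0, 1, 4, 0)
    sb += struct.pack("<QQ", 0, 0x12345)          # root inode ref, bytes_used
    img[0x40000:0x40000 + 96] = sb.ljust(96, b"\x00")
    return bytes(img)


if __name__ == "__main__":
    for rec in scan_dump(build_sample_image()):
        print(f"0x{rec['offset']:08x}  {rec['type']:14s}  "
              + ", ".join(f"{k}={v}" for k, v in rec.items() if k not in ("type", "offset")))
```

To use it on a real dump, replace `build_sample_image()` with `open("dump.bin", "rb").read()`; the gaps between validated hits are the regions worth carving out and feeding to a SquashFS unpacker or a kernel decompressor, and a uImage whose header CRC fails is a strong hint that the dump itself is corrupt or misaligned rather than that the image format is unknown.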
Saturday, October 23, 2021
Information Disclosure in a Cross-game Web API
Update: The vulnerable endpoint was fixed some time before September 7, 2022.
Scenario
- Unauthenticated access to player email addresses (if the victim has their platform account tied to their Square Enix account)
- The ability to obtain infinite premium currency
- The ability to view and modify other players' characters and inventories