We’re in track 7 mass effect and our next speaker is Zack cudlip with from SQL injection omits overflows and I just want to remind everybody that we do have a microphone over here on the side so that when it comes question to answer if you can’t hear yet you can’t use the mic all right all right thanks a.
Lot for coming coming to hear my talk everybody it’s.
A lot of people out there mm-hmm hope this dog doesn’t suck all right okay so like you said my.
Is Zachary Cutler and I’m gonna be talking to you today about routing and hacking Soho routers now all right before I actually get into the meat of the talk I just want to give a couple of shout outs first of all as my.
Company tactical network solutions TNS they let me hack on stuff and they also pay me money I don’t think they figured out that I’d probably.
Do it for free so anyway it’s a pretty sweet gig also my friend and colleague Craig Hefner when you sit next to Craig every day it’s a little bit like cheating because problems it should be hard just.
Kind of become easy when Craig is around so I really appreciate Craig’s help in all of this okay what am I gonna what am I going to be talking to you about today um so first I’m going.
To go into some novel uses of sequel injection that you may or may not have thought about I’m also going to be talking about the actual mechanics of how buffer overflows work on the MIPS CPU architecture there’s just not a lot of information about MIPS and.
Buffer overflows at least that I came across so I did quite.
A bit of learning about that in this project also I’m going to be dropping some.
O’Day’s on Netgear routers because O’Day’s make every talk more fun so gonna be sharing some of those with you.
And I’m gonna be sharing some embedded device and investigation techniques they’re useful me and I think will be useful to you if you’re investigating Soho routers and other types of kind of similar embedded devices.
I’ll be concluding with a live demo I know whenever I go to a talk and it doesn’t somehow end in a root prompt it’s almost like the talk didn’t even happen so hopefully I’m not gonna disappoint you in that way and then after all that hopefully we’ll have some time time for some.
Questions I’ll be happy to take any.
Questions if we have time before I get into the technical material I just want to say I had to be pretty brutal with what I could include in in the presentation just due to time constraints so there’s a lot of material in the white paper which you should have on your conference CD and if you find this hard to be interesting.
I encourage you to read read the paper I actually walk you through soup-to-nuts how I just discovered in.
Develop these these exploits so hopefully you’ll find.
That interesting all right so why do we why do we attack Soho routers to.
Begin with what’s the motivation there.
Well a successful compromise of a wireless Soho router actually yields a pretty privileged vantage point to the attacker on a user’s network so for example attacking attacking and compromising one of these routers exposes potentially multiple connected users to subsequent attack also it exposes all.