We at Secure Ideas hope you all enjoy the following webcast!
Firmware drives most of the normal set-it-and-forget-it devices we use in day-to-day life. Be it IoT devices, ICS, or network appliances. However, these devices and the firmware that drives them are often overlooked from a security standpoint. Firmware can suffer from the same flaws as any normal application or OS. To make matters worse, any exploit created for a firmware usually has a cascading effect since that firmware would be applied to several devices.
This webinar will look provide a high-level overview of:
- What firmware is
- Various acquisition methods of firmware
- Methods to analyze the firmware binary for filesystems using binwalk
- How to use binwalk to extract higher level firmware filesystems
- Where to start when reviewing a firmware file system
- How to configure an environment for analysis and to possibly run firmware ELF binaries natively for debugging
- Common security issues that can be found in firmware
Presenter for this webcast is Travis Phillips
Timestamps:
0:00 - Opening Credits
0:07 - Fearlessly Hacking Firmware with Travis Phillips
0:43 - Disclaimer
2:10 - What Is Firmware?
5:00 - Why Hack Firmware?
7:39 - Acquisition Methods of Firmware - Basic
9:40 - Acquisition Methods of Firmware - Intermediate
11:00 - Acquisition Methods of Firmware - Advanced
13:53 - So, We Got a *.bin Binary Blob... Now What?
16:52 - Enter Binwalk!
18:06 - File Carving with Binwalk
18:38 - Demo Time: Binwalk +OpenWRT
22:32 - So Now We Have a File System! Now What?
23:16 - Determining the Architecture
23:55 - Exploring the /etc Directory
26:29 - Exploring the Boot-Up Process
28:15 - Look for Exploits! Low-Hanging Fruit First!
34:49 - Deeper Analysis: Web Root
37:00 - Deeper Analysis: Static Binary Review
37:54- Deeper Analysis: Dynamic Binary Review
39:33 - QEMU
40:50 - BINFMT
41:44 - GDB
42:03 - GEF
42:29 - Demo Time: Let's Exploit an ARM Binary!
43:34 - Demo Time: Source Code Review (For Reference)
44:32 - Demo Time: Setup binfmt/QEMU
46:15 - Demo Time: Test Run of the Target Binary
47:24 - Demo Time: Ghidra
48:39 - Demo Time: Ghidra - Review of main() (Decompile Frame)
48:58 - Demo Time: Ghidra - Review of main() - cont. disassembler view
49:45 - Demo Time: Ghidra - never_called() Offset
50:28 - Demo Time: Finding the Offset to $pc
52:27 - Demo Time: Exploit Time!
54:14 - Demo time: ... And Pwned
55:00 - Closing
👉Follow Us :
Twitter: / secureideas
Facebook: / secureideasllc
LinkedIn: / secu. .