Dumping SPI Flash off the Board
How to dump SPI flash off the board with a clip and flashrom to extract firmware, and why secrets must be encrypted at rest.
Default Credentials: The IoT Epidemic
Why IoT default credentials remain one of the most damaging weaknesses, how Mirai exploited them, and how to design the problem out.
Decoding Bus Protocols with a Logic Analyzer
How to decode UART, SPI, and I2C with a logic analyzer and sigrok, turning wiggling wires into readable protocol traffic and secrets.
DNS Rebinding Attacks against Local IoT Devices
How DNS rebinding turns a browser into a foothold on local IoT devices, why it works, and how to make a device immune.
Command Injection in IoT Web Interfaces
How command injection in IoT web interfaces turns a diagnostics field into a root shell, where it hides, and how to eliminate it.
CoAP Security for Constrained IoT Devices
How to assess CoAP security on constrained IoT devices, enumerate resources, and why unauthenticated writable resources are a remote control.
CAN Bus Security with can-utils
How CAN bus security fails, sniffing and injecting frames with can-utils, and the segmentation and message authentication that defend it.
Buffer Overflows on Microcontrollers
Why stack buffer overflows still hand attackers full control on microcontrollers, how the crash looks, and the mitigations that stop them.
BLE Security Testing for Connected Products
How to test a BLE device, from scanning to writing the GATT characteristic that unlocks it, and why the radio link is not access control.
Attacking UART and Serial Consoles on Embedded Devices
How attackers find a UART serial console on an embedded device and turn it into an unauthenticated root shell, plus how to lock the port down.