Vadim Bardakov - AVR & MSP exploitation
DefconRussia
1.
AVR & MSP exploitation
Vadim Bardakov, Security Researcher, Digital Security (ERPScan)
2.
Why now?
• Increasing usage of microcontrollers (uC)
• Nobody cares about code security for these devices
© 2002—2013, Digital Security
3.
Why now?
• Increasing usage of microcontrollers (uC)
• Nobody cares about code security for these devices
• Increasing number of easily accessible data channels
• Microcontroller firmware can be retrieved
4.
Jokes
5.
What if it works?
6.
Oops…
7.
Firmware extraction
Side channel attacks
• Power analysis
8.
Firmware extraction
Side channel attacks
• Power analysis
• Planarization
• etc.
9.
Firmware extraction
MSP430:
• FRAM
• 5xx
• 6xx
10.
RAM
[Diagram: MSP | AVR]
11.
RAM
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM]
12.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM]
13.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | SP | Additional I/O registers | Internal RAM; memory shown filled with ff]
14.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM | SP ffff; memory shown filled with ff]
Interrupt handler: UART, Timers, Comparators, INT0..X
15.
Stack errors
[Memory map: General purpose registers | SP | I/O Special Function Registers | Additional I/O registers | Internal RAM; ffff; memory shown filled with ff]
Interrupt handler: UART, Timers, Comparators, INT0..X
16.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM | SP ffff; memory shown filled with 00]
Reconfiguring peripheral devices… Lost control
20.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM | SP ffff; memory shown filled with 20]
Reconfiguring peripheral devices… Seems OK
21.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Unknown offset | Global Variables | Internal RAM]
22.
Stack errors
[Memory map: General purpose registers | I/O Special Function Registers | Additional I/O registers | Internal RAM]
Bypassing checks
23.
Buffer overflow
Access:
• Local variables
• Return address:
    • Compiler-generated instructions
    • Interrupt
    • Bootloader
24.
Buffer overflow
    ISR(UART0_RECEIVE_INTERRUPT)
    {
        /* The index is incremented on every byte and never bounds-checked. */
        UART_RxHead++;
        UART_RxBuf[UART_RxHead] = UART0_DATA;
    }
Typical for UART handlers
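The receive handler from the slide next to a bounded ring-buffer version, as an added example that is not part of the original slides. Both handlers run on a host over a constructed flat "RAM" array so that writes past the buffer can be counted; the names uart_model, RX_BUF_OFF, CANARY and the 16-byte buffer size are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed host model: one flat array stands in for SRAM, so writes
 * past the buffer land inside the array and can be counted. */
#define RAM_SIZE     512u
#define RX_BUF_OFF   8u                  /* assumed address of UART_RxBuf   */
#define RX_BUF_SIZE  16u                 /* power of two, so a mask wraps   */
#define RX_BUF_MASK  (RX_BUF_SIZE - 1u)
#define AFTER_BUF    (RX_BUF_OFF + RX_BUF_SIZE)
#define CANARY       0xA5u               /* stands for neighbouring data    */

typedef struct {
    uint8_t ram[RAM_SIZE];
    uint8_t head;      /* UART_RxHead: last slot written by the handler */
    uint8_t tail;      /* last slot consumed by the main loop           */
    uint8_t overruns;  /* bytes dropped because the buffer was full     */
} uart_model;

static void model_init(uart_model *m)
{
    memset(m, 0, sizeof *m);
    memset(m->ram + AFTER_BUF, (int)CANARY, RAM_SIZE - AFTER_BUF);
}

/* Handler as on the slide: the index only grows, so every byte after the
 * buffer is full is stored in whatever lies behind it. */
static void isr_unbounded(uart_model *m, uint8_t data)
{
    m->head++;
    m->ram[RX_BUF_OFF + m->head] = data;
}

/* Bounded handler: wrap the index with a mask and drop the byte (counting
 * an overrun) when the next slot has not been consumed yet. */
static void isr_bounded(uart_model *m, uint8_t data)
{
    uint8_t next = (uint8_t)((m->head + 1u) & RX_BUF_MASK);
    if (next == m->tail) {
        if (m->overruns < UINT8_MAX)
            m->overruns++;
        return;
    }
    m->head = next;
    m->ram[RX_BUF_OFF + next] = data;
}

/* Number of bytes outside the receive buffer that no longer hold their
 * initial value. */
static size_t changed_outside_buffer(const uart_model *m)
{
    size_t n = 0;
    for (size_t i = 0; i < RAM_SIZE; i++) {
        if (i >= RX_BUF_OFF && i < AFTER_BUF)
            continue;
        uint8_t expect = (i >= AFTER_BUF) ? (uint8_t)CANARY : 0x00;
        if (m->ram[i] != expect)
            n++;
    }
    return n;
}

size_t unbounded_corruption(size_t nbytes, uint8_t fill)
{
    uart_model m;
    model_init(&m);
    for (size_t i = 0; i < nbytes; i++)
        isr_unbounded(&m, fill);
    return changed_outside_buffer(&m);
}

size_t bounded_corruption(size_t nbytes, uint8_t fill)
{
    uart_model m;
    model_init(&m);
    for (size_t i = 0; i < nbytes; i++)
        isr_bounded(&m, fill);
    return changed_outside_buffer(&m);
}

unsigned bounded_dropped(size_t nbytes, uint8_t fill)
{
    uart_model m;
    model_init(&m);
    for (size_t i = 0; i < nbytes; i++)
        isr_bounded(&m, fill);
    return m.overruns;
}

int main(void)
{
    /* Constructed input: 40 bytes of 0xFF arriving with no consumer. */
    printf("unbounded: %zu bytes changed outside the buffer\n",
           unbounded_corruption(40, 0xFF));
    printf("bounded:   %zu bytes changed, %u dropped\n",
           bounded_corruption(40, 0xFF), bounded_dropped(40, 0xFF));
    return 0;
}
```

The overrun counter gives firmware something to report or alarm on when a peer sends faster than the main loop consumes.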
25.
Buffer overflow
    ISR(UART0_RECEIVE_INTERRUPT)
    {
        UART_RxHead++;
        UART_RxBuf[UART_RxHead] = UART0_DATA;
    }
print “xff”xB . “x010xFC”xN
Atmel Studio 6.1:
    000001FB CLI
    000001FC RJMP PC-0x0000
26.
Buffer overflow
    ISR(UART0_RECEIVE_INTERRUPT)
    {
        UART_RxHead++;
        UART_RxBuf[UART_RxHead] = UART0_DATA;
    }
print “xff”xN
    000001FB CLI
    000001FC RJMP PC-0x0000
27.
Buffer overflow
    ISR(UART0_RECEIVE_INTERRUPT)
    {
        UART_RxHead++;
        UART_RxBuf[UART_RxHead] = UART0_DATA;
    }
print “xff”xN
    000001FB CLI
    000001FC RJMP PC-0x0000
DoS
28.
Buffer overflow
    ISR(UART0_RECEIVE_INTERRUPT)
    {
        UART_RxHead++;
        UART_RxBuf[UART_RxHead] = UART0_DATA;
    }
    void uart_puts(const char *s)
    {
        while (*s)
            uart_putc(*s++);
    }
print “xff”xB . “x010xFC”xN. P
    uart_puts(p);
    000001C8 LDD R24,Y+1
    000001CA LDD R25, Y+2
    000001CB CALL 0x0000014E
Instruction notes: Load indirect with displacement; Load immediate; Call subroutine
Dumping RAM
29.
Reprogramming
30.
Reprogramming
Open-source bootloaders suck in production.
31.
Reprogramming
Load code to RAM
print “xff”xB . “x000x16”xN. ROPTail
Interrupt handler
Ideal for ROP
32.
Reprogramming
Gain control to SPM
print Code . “x000xFC”xN. P
Atmex
    +00000343: 95E8    SPM    Store program memory
    ….
    +00000351: 95E8    SPM    Store program memory
Writing code to FLASH
33.
Summary
• Simple attacks can be conducted blindly
• Different consequences:
    • DoS
    • Modifying device configuration
    • etc.
34.
Digital Security in Moscow: +7 (495) 223-07-86
Digital Security in Saint Petersburg: +7 (812) 703-15-47
www.dsec.ru
www.erpscan.com
v.bardakov@dsec.ru