DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini
HTML-код
- Опубликовано: 7 фев 2025
- Yes, anyone can hack IoT devices and I’ll show you how! It doesn’t matter if you’re an experienced pen tester in other fields, completely new to cybersecurity or just IoT curious, by the end of this talk you’ll have the knowledge to hack your first device. You might be thinking - but I thought IoT was complicated, required knowledge of hardware, and expensive tools. In this talk, I’m here to dispel those myths by directly showing you the methodology, tools and tactics you can use to go and hack an IoT device today (or maybe when you get home). I’ll cover what IoT devices are best for beginners, what tools you need (and don’t need), how to build a small toolkit for less than $100, common tactics to get a foothold into IoT devices and how to find your first vulnerability or bug.
![Seungmin "그렇게, 천천히, 우리(As we are)" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/kAzmhLHePqU/mqdefault.jpg)
Probably one of the clearest and most concise talks this year from what I've seen so far
Found 5 vulnerabilities on the first day. 1 critical, 1 high. Thanks man. This sparked a curiosity
@ portscan-> found ftp -> did enumeration-> found default cred login -> in ftp rootfs access is granted -> dumped entire filesystem-> can modify entire fs, etc
@@weihe1220did you watch the video?
@@SmallTimeTrees Thank you!
This is why I love this channel, any talk I might have had to miss or force to choose over the other is right on this channel... Thanks DEFCONconferences
Just learned a lot, thanks. I love watching these DEFCON talks, because I’m never able to go, so it’s nice that we can still get acres to the talks because every year I seem to learn so much from these.
"we're expecting there to be a big surge of IoT devices because of AI" is just about the scariest news someone could drop
Without a doubt this is the best IoT hacking speed run out there.
Wow super useful talk, thanks! I've been interested in IoT hacking but too busy to look into it, I just happen to have almost all the tools and a cheap router... And some free time...
Power capacitors that are discharged can develop ‘phantom charge’ as the dielectric was in a contrary position physically for longer duration. Ambient charge is enough to cause the capacitor’s to return to previous charged state.
A lot of devices nowadays have parasitic resistors to make them safe(r) but I still always short the big filter caps just to make sure. And I do indeed get some sparks sometimes
That joke at the beginning sent me down a rabbit hole of security jokes 🤣
Great presentation, thank you for the clear and concise talk. I believe you said that folks there could get a copy of your slides but would you mind making them available to the rest of us?
These talks just reinforce the reason i dont have IoT, smart devices, or really much of anything in my house. The fact that i have wifi makes me paranoid enough.
My iot lights use WiFi to make themselves into motion sensors!
They send it between themselves and see where they are interrupted!
Any WiFi enabled device could potentially do this,
your WiFi can tell where you are in your house
@@Frappe3621 New fear unlocked.
bruh im kinda scared rn.. my cats new litterbox needed to connect to wifi (allegedly for firmware updates) same with the vaccum! both made in china btw :(
Thanks for this I really appreciated the information, finally understand what I was doing when I soldered all those wires to my Xbox 360 board I never knew why it was called JTAG but now I do
Exactly why I always watch these things. I don’t know that about binwalk.
That's pretty epic. Looking forward to starting myself :)
As a non-eglish speaker I heard "The 'ASS' in IOT stands for security" :)
Damn I needed this; thank you for this! Been looking for something like this.
07:58 Capacitors at even 5V or 12V: "hold my beer."
Been making my own showdan type project locally scanning for IoT and rigged a grep script for it
1: pick the target, usually the target is the device not the person. Usually...
What was the software being used in the Reverse Engineering binaries & libs section?
Nevermind... it's called Ghidra
@@joew1865 yes and it is suggested to use with Amazon Coretto rather than regular Java
Really enjoyed it! Thanks
Sounds fun!
somebody knows any resource to keep digging in the iot / hardware hacking?
This is a crazy question but throughout your experiences , have you ever found devices like cellular that are able to be fuzzed and hacked using it's device
Mac address and a transmitting capable device such as the hackrf , to
wirelessly communicate with it .
Why I should visit a website which made by a cybersecurity expert, why?
Like Harvard or EC-COUNCIL University or etc for cyber degrees
I followed this beginner guide and I just couldn’t hack it.
I just bought a set of 4 cameras I'm a try to hack them. But I was thinking this was a tutorial on how to hack them wireless. Any suggestions on how to hack my webcam via wifi?
Hack or be hacked. It's like being blind and while they all can see.
If someone needs a definition for firmware, I don't think they need to be trying to follow this tutorial just yet.
When i see someone Who really knows what he s talking about ❤ how much i love that stuff unfortunately i m not lucky and good enough to make a living with it Bless Bellini ciao
8:55 He should have said "unplug the power cord."
We need 6 more likes on this video! No more, no less!
Remember those books from the 90s and early 2000s that claimed this…. But when you read them, they are the basics to using a console or lessons on OSI and TCP/IP? 😂❤
Is it sad that my immediate definition for an LoT device is that it means "Left on table". 😂 Like when people leave their devices unattended. Don't mind me, kinda new here. Lol
I took screenshots of all the slides and fed to my AI to summarise. Did a good job 😊
Amazing idea💥 Did de same thanks
why wouldnt you just copy paste the transcript...
@3rdeyesociety on phone and can't copy. Tried that first
@@3rdeyesociety I tried but phone would not let me. Took a while to get every slide lol
Sounds atrocious
6:22, just making a timestamp for myself to get started.
this is why I never use my phone or pc to control any of these things
Botnet: Online DDOS or DOS attack.
Anyone hardware hacking in Austin, feel free to PM