This course focuses on hacking video conferencing systems, specifically Polycom HDX devices. The learning outcomes include understanding the security vulnerabilities in these systems, analyzing firmware, setting up a vulnerability development environment, and implementing exploits for identified vulnerabilities. The course teaches skills such as firmware analysis, exploiting vulnerabilities in the H.323 stack, post-exploitation techniques, and controlling attached peripherals. The teaching method involves a case study on Polycom HDX devices, analyzing software update file formats, and demonstrating remote compromises over the network. The intended audience for this course includes cybersecurity professionals, ethical hackers, penetration testers, and individuals interested in understanding the security risks associated with video conferencing systems.
Overview
Syllabus
Intro
Agenda
Background
Revenue Market Share
Polycom HDX Systems
Attack Surface
Firmware Analysis
PUP File Structure
PUP Header
Header HMAC
Public Key DSA Signature
HDX Boot Modes
Enabling Development Mode
Polycom Command Shell
Device Rooting - Method #2
Problems with previous Methods
Device Rooting - Method #3
System Architecture
Filesystem
Configuration Files
Main Processes
AppMain Java Process
Polycom AVC
Remote Debugging
Watchdog Daemon
Ready for Bug Hunting...
H.323 Protocol
H.323 Signaling Protocols
Call Initiation
Call Detail Records
Vulnerabilities
SQL Injection Exploit Challenges
Vulnerability #2
Exploiting the Format String Bug
Post Exploitation
Polycom XCOM IPC
Polycom Disclosure Process
Taught by
Black Hat
