This course provides a methodology for vulnerability analysis of embedded devices, focusing on a holistic approach covering firmware, web application, mobile application, and hardware analysis. It introduces the TROMMEL tool for assistance in research. The learning outcomes include understanding a repeatable methodology for comprehensive results in vulnerability analysis. The course teaches skills such as information gathering, firmware analysis, web application analysis, mobile application analysis, and hardware analysis. The teaching method involves a case study on a Wi-Fi camera to demonstrate the methodology's applicability. The intended audience is security researchers and individuals interested in analyzing embedded devices for vulnerabilities.
Embedded Device Vulnerability Analysis Case Study Using Trommel
Overview
Syllabus
Intro
Introductions
Who is Kyle
Agenda
Introduction
Motivation
Methodology
Curation
Information Gathering
Firmware Analysis
Web Application Analysis
Mobile Application Analysis
Hardware Analysis
Vulnerability Disclosure
Why Dlink
Background Research
Firmware
File of Interest
Web App
Wildcard Entry
Mobile Application
Identifying Markings
Identifying Components
Comparing Firmware
Comparing Firmware Files
Exploit Attempts
Cert Coordination Center
Future Work
Conclusion
Contact Information
Firmware File
File Dump
Questions
Taught by
0xdade
