Demystifying Debunked: Exploit This CTF Writeup
Exploit Security Blog
by Exploit Security
3w ago
Our EXPLOIT THIS CTF is tailored to hackers and enthusiasts alike who share a passion for all things embedded, IoT or hardware related. Debunked is another 50 point CTF challenge brought to you by Exploit Security. This and other CTF challenges can be found at https://exploitthis.ctfd.io. In our last blog we stepped through "The Elves Magic" challenge; now we will take a look at another simple challenge using the same approach. It is our belief that using a systematic methodology helps to build better technical capability when applying such knowledge to real-world technical chal…
Unlocking The Elves Magic: Exploit This CTF Writeup
Exploit Security Blog
by Exploit Security
1M ago
Our EXPLOIT THIS CTF is tailored to hackers and enthusiasts alike who share a passion for all things embedded, IoT or hardware related. The Elves Magic is a 50 point CTF challenge brought to you by Exploit Security. This and other CTF challenges can be found at https://exploitthis.ctfd.io. This blog post will look to step through this simple challenge using a systematic methodology, which helps to build technical capability when applying such knowledge to real-world technical challenges. Task: The participant is tasked with examining a given file, with the caption, "Flag is found when un…
Demystifying Linux Special Permissions
Exploit Security Blog
by Exploit Security
3M ago
#LinuxFilePermissions #PenetrationTesting For seasoned *nix users and admins, the concept of special permissions is not a new topic. However, when it comes to evaluating a *nix system upon engagement, paying special attention to how these permissions are set up can sometimes lead to privilege escalation through misconfiguration. Linux File Permissions In order to understand just what a Linux special permission is, we first have to unpack the concept of permissions within a Linux file system. Permissions within Linux file systems provide a level of access control to files through assignmen…
Mastering API Security Testing: A Guide and 10 Essential Tools
Exploit Security Blog
by Exploit Security
3M ago
#apisecurity #penetrationtestingapis #penetrationtesting Overview In the ever-expanding realm of cybersecurity, API security testing has emerged as a crucial discipline, ensuring the robustness of the digital interfaces that power our interconnected world. This blog post will guide you through the methodology of API security testing and introduce ten indispensable tools to fortify your API defenses. Understanding API Security Testing APIs act as the lifeblood of modern applications, facilitating seamless data exchange and communication between software systems. Protecting APIs is paramount to…
CVE-2023-33383
Exploit Security Blog
by Exploit Security
3M ago
Authentication Bypass via an out-of-bounds read vulnerability Introduction The Security Team at [exploitsecurity.io] uncovered a vulnerability in the Shelly 4PM Pro four-channel smart switch [Firmware Version 0.11.0]. Under certain conditions the vulnerability allows an attacker to trigger a BLE out-of-bounds read fault condition that results in a device reload. It was found that this vulnerability could enable an attacker to switch on relays, if coupled with the system's scripting feature. This blog looks to describe: Affected Product Overview The Shelly 4PM PRO under the hood Attack Surfac…
ZigBee Protocol
Exploit Security Blog
by Exploit Security
3M ago
In this blog post we will be describing the protocol commonly referred to as ZigBee. We will look at describing what it is, how it is used and how it can be used by Security Researchers when examining hardware targets. In this post we will cover the following: Overview Under the hood (802.15.4) ZigBee ZigBee Protocol Stack ZigBee Addressing and Packet Format ZigBee Route Discovery ZigBee Security Potential Weakness Anatomy of a ZigBee Attack Summary Overview ZigBee is a communications protocol wrapped around the underlying specification standard IEEE 802.15.4. ZigBee is typically found in en…
UART (Universal Asynchronous Receiver-Transmitter)
Exploit Security Blog
by Exploit Security
3M ago
In this blog post we will be describing the hardware communications protocol known as Universal Asynchronous Receiver-Transmitter or simply UART. We will dive into the physical specifications and also how it can be used by security researchers when examining hardware being tested. In this post we will cover the following: Overview Physical Interface Data Transmission UART Packet Format How UART can be used by Security Researchers Overview UART is a ubiquitous device-to-device hardware communication protocol and hardware specification used to provide a method for interconnection of two devic…
GitHub Security: Trusty Grep
Exploit Security Blog
by Exploit Security
3M ago
#grep-fu #githubsecurity #penetrationtesting In recent times, cybersecurity threats have evolved to exploit vulnerabilities in code repositories, and one potent tool in the attacker's arsenal is grep. Today, we delve into the risks associated with using this powerful search command on GitHub repositories to unearth potentially sensitive credentials. Understanding Grep: A Brief Overview grep is a command-line utility used for searching text within files. While it is an essential tool for developers and system administrators, it can also be misused for malicious purposes, especially when scannin…
CVE-2023-34723, CVE-2023-34724, CVE-2023-34725
Exploit Security Blog
by Exploit Security
3M ago
Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation Controller Introduction The Security Team at [exploitsecurity.io] uncovered multiple vulnerabilities in the Techview LA-5570 Wireless Home Automation Controller [Firmware Version 1.0.19_T53]. These vulnerabilities can be used to gain full control of the affected device. CVE-2023-34723 Vulnerability Type: Directory Indexing, allows a threat actor to list the contents of specific directories outside of the web root context. CVE-2023-34724 Vulnerability Type: On-Chip Debug and Test Interface With Improper Acces…
Serial Peripheral Interface (SPI)
Exploit Security Blog
by Exploit Security
3M ago
In this blog post we will be describing what Serial Peripheral Interface, or SPI, is and where and why it is used within embedded systems. This interface type is widely used and therefore understanding its functionality will assist whilst conducting security research. The post shall attempt to describe: An overview of SPI SPI Main/Subnode architecture SPI Data transmission SPI Transmission Modes How SPI can be used by security researchers Dumping Flash via SPI Summary Overview SPI is a full-duplex synchronous data transfer architecture used to transfer data between an embedded MCU (Micro Con…