YoVDO

Assessing the Embedded Devices On Your Network

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses Network Security Courses VoIP (Voice over Internet Protocol) Courses IoT security Courses Threat Modeling Courses Security Assessment Courses Reconnaissance Courses Fuzzing Courses UART Courses

Course Description

Overview

Explore the unique challenges of assessing embedded devices and Internet of Things (IoT) security in this 34-minute conference talk from BSidesSF 2017. Delve into the specific constraints of threat modeling for these tightly integrated systems, which often lack traditional host-based security controls. Follow along as the speaker conducts a live assessment of a VoIP phone, demonstrating practical techniques such as hardware pin identification, UART analysis, fuzzing, and debugging. Learn about potential mitigations for devices that cannot be easily updated, and gain insights into the distinct confidentiality, integrity, and availability characteristics of embedded systems. Discover how to approach security assessments for the growing number of connected devices on your network.

Syllabus

Intro
Insecurity of Things
Things will look a little different...
Unique CIA Characteristics
A Case Study
What do we know? (Recon)
Live Assessment
Hardware Tricks: Identifying Pins
Useful UART
Fuzzing/Debugging
Advanced Techniques
Summary of Bugs


Taught by

Security BSides San Francisco

Related Courses

Early Detection through Deception
YouTube
Hack for Show, Report for Dough - Brian King
YouTube
Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube
Windows Event Logs - Zero to Hero
YouTube
Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube