Journey to Command Injection - Hacking the Lenovo ix4-300d
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore the process of chaining multiple vulnerabilities to fully compromise the Lenovo ix4-300d network attached storage (NAS) device in this 26-minute conference talk from Security BSides San Francisco. Discover how to combine command injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) to create a remote exploit that requires minimal user interaction. Learn how an attacker can craft a malicious link that, when accessed by the victim, allows for the extraction of all information stored on the NAS and execution of arbitrary operating system commands. Follow the speaker's journey from identifying the initial command injection vulnerability to developing a sophisticated exploit that hijacks browser storage values, issues malicious requests, and ultimately opens a remotely accessible operating system shell on the compromised device.
Syllabus
BSidesSF 2019 - Journey to Command Injection: Hacking the Lenovo ix4-300d (Rick Ramgattie)
Taught by
Security BSides San Francisco
Related Courses
CNIT 127: Exploit DevelopmentCNIT - City College of San Francisco via Independent Reverse Engineering and Exploit Development
Udemy Penetration Testing: Advanced Kali Linux
LinkedIn Learning Linux x86 Assembly and Shellcoding
Udemy Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy