
Journey to Command Injection - Hacking the Lenovo ix4-300d

Offered By: Security BSides San Francisco via YouTube

Tags

Security BSides Courses, Cybersecurity Courses, Ethical Hacking Courses, Cross-Site Scripting (XSS) Courses, Cross-Site Request Forgery (CSRF) Courses, Command Injection Courses, Exploit Development Courses, Embedded Device Security Courses

Course Description

Overview

Explore the process of chaining multiple vulnerabilities to fully compromise the Lenovo ix4-300d network attached storage (NAS) device in this 26-minute conference talk from Security BSides San Francisco. Discover how to combine command injection, cross-site scripting (XSS), and cross-site request forgery (CSRF) to create a remote exploit that requires minimal user interaction. Learn how an attacker can craft a malicious link that, when accessed by the victim, allows for the extraction of all information stored on the NAS and execution of arbitrary operating system commands. Follow the speaker's journey from identifying the initial command injection vulnerability to developing a sophisticated exploit that hijacks browser storage values, issues malicious requests, and ultimately opens a remotely accessible operating system shell on the compromised device.

Syllabus

BSidesSF 2019 - Journey to Command Injection: Hacking the Lenovo ix4-300d (Rick Ramgattie)


Taught by

Security BSides San Francisco

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Reverse Engineering and Exploit Development
Udemy
Penetration Testing: Advanced Kali Linux
LinkedIn Learning
Linux x86 Assembly and Shellcoding
Udemy
Python : Sıfırdan İleri Seviyeye - Etik Hacker Örnekleriyle
Udemy