So Hopelessly Broken - The Implications of Pervasive Vulnerabilities in SOHO Routers

Explore the critical security vulnerabilities in SOHO routers in this comprehensive DerbyCon 3.0 conference talk. Delve into the implications of pervasive vulnerabilities, examining various SOHO router products and the associated security risks. Learn about testing methodologies, including information gathering, scanning, and enumeration techniques. Analyze web applications, servers, and conduct static code analysis and fuzzing. Gain insights into reverse engineering tools and techniques, exploit development, and testing for cross-site request forgery and command injection. Discover directory traversal attacks, buffer overflows, and MIPS architecture specifics. Witness live demonstrations of vulnerabilities and exploits, including an ASUS RT-AC66U ROP chain and MIPS shellcode exploit.

Intro
Topics
Holy hole in the router, Batman!
Subject Background
Players in the SOHO Market
Evaluated SOHO Products
Why did we choose these routers?
Security Risks
Testing Methodology
Information Gathering
Scanning and Enumeration Cont.
Analyzing Web Applications Cont.
Analyzing Servers
Static Code Analysis
Fuzzing (Dynamic Analysis)
Analyze Fuzzing Results
Gaining Access Cont.
Reverse Engineering Toolz and Techniques
Exploit Development
Testing for Cross-Site Request Forgery
Testing for Command Injection
Command Injection - Vulnerable Code ?php
Command Injection Countermeasures
CSRF and Command Injection Demo
Directory Traversal #define: Directory Traversal is a form of attack where an attacker can access files and directories outside of the intended directory
Testing for Directory Traversal
Directory Traversal - Vulnerable Code ?php
Directory Traversal Countermeasures
Directory Traversal Demo
Testing for Buffer Overflows
Buffer Overflow - Vulnerable Code
Buffer Overflow Countermeasures
MIPS Architecture
ASUS RT-AC66U ROP Chain
MIPS Shellcode (RT-AC66U Exploit)
LIVE DEMO