I spent all day looking for vulns in an IoT clothes dryer. What did I find?
* HTTPS to talk to backend service
* XMPP w/ STARTTLS to stream events
* Cert pinning so no MitM
* Android app obfuscated w/ no obvious backend URLs or certs
* Dryer runs an AP for initial setup w/ DHCP and HTTPS servers
* That HTTPS requires auth with a password printed on a label near the door
Best I could do was get the DHCP server to serve the same IP to every request.
Well done GE.
Another day, another set of BMC vulns. https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/ #iWorkThere #BackdoorManagementController
OpenBIOS - open source Forth firmware
telnet mapscii.me # For maps in your terminal from OpenStreetMap. Use arrow keys to move around and a/z to zoom in/out. Or use your mouse if your terminal supports that.
Even after working at Apple and Google, I identify as a 1x engineer: https://1x.engineer/
I did a podcast interview: https://unnamedre.com/episode/24
I'm in awe of how many links are in the show notes. We covered a _lot_ of topics.
"Never underestimate the power of proving someone wrong with hard data." - @jessfraz