1. RSAC Sandbox Stage

With most IoT devices moving towards cloud platforms, it seemed appropriate to look at those cloud implementations. And boy did the team hit “insecurity gold”! Authentication bypasses, device tampering and RCE. And the beauty of it is that it is no longer necessary to iterate the IP space and find open ports, since one bad cloud implementation allows attackers to interact with all devices from the vendor.

Prerequisites: Strong networking skills and an understanding of tampering with APIs, MQTT and AWS S3. While not mandatory, it would help if the audience had some knowledge of buffer overflows, ROP and command injection for the RCE demos.
