Simple Firmware Reverse Engineering

Getting access to and examining firmware is easier than you think and it gives some really good insight into how things work. It's never been easier to get started.

https://youtu.be/oqk3cU7ekag

Introduction to Firmware Reversing

To help explain how attackers reverse engineer device firmware, this walkthrough takes a piece of firmware from a binary file to an extracted file system you can explore on your own. For more information check out

https://youtu.be/GIU4yJn2-2A

Using Static Binary Analysis To Find Vulnerabilities And Backdoors In Firmware

Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing amount of the things with which we interact every day have been replaced with embedded devices. These include previously non-electronic devices, such as locks, light switches, and utility meters (such as electric meters and water meters), as well as increasingly more complex and ubiquitous devices, such as network routers and printers. Other devices are becoming increasingly intelligent as well. Modern printers and cameras include complex social media functionality, smart televisions are increasingly including Internet-based entertainment options, and even previously-simple devices, such as watches and glasses are being augmented with complex embedded components.

https://youtu.be/Fi_S2F7ud_g

[DEFCON 20] Embedded device firmware vulnerability hunting using FRAK

Embedded Device Firmware Vulnerability Hunting Using FRAK, the Firmware Reverse Analysis Konsole

https://youtu.be/k9nC8wYVhoU

#Eko2020​ Main Track | Static analysis-based recovery of service function calls in UEFI firmware

Reversing #UEFI​ firmware requires a lot of background and knowledge about #firmware​ and understanding of #hardware​ before you can start hunting for vulnerabilities. With our new tool, we automatically recover services calls and EFI type info, so that a firmware code looks like original

https://youtu.be/rK0tmVa19ME

Introduction to IoT Reversing Firmware

In this webinar, we talked about how to get started with IoT pentesting and hands-on approach for firmware reversing and finding bugs on the classic router and other gateways.

https://youtu.be/pHSDeCszNvU

Malware found on the Huawei's AppGallery app store for the first time (10 apps were installed by 538,000 users)
https://news.drweb.com/show/?i=14182

[Vulnerability] - Cookie Stored injection - XSS at Heroic Third Service, call cookies!

the application calls an external service to create the cookies and they are sent back to the server!

https://youtu.be/maatBdt8TPY

Youtube: @Phatansm_Lab

🕴 @Phantasm_Lab

The Mobile Application Hackers Handbook

Mobile computing has changed the game. Your personal data is no longer just stored on your desktop in the sanctuary of your office or home. You now carry personally identifiable information, financial data, personal and corporate email, and much more in your pocket, wherever you go. The smartphone is quickly becoming ubiquitous, and with at least 40 applications installed on the average smartphone the attack surface is significant.

The focus of this book is highly practical. Although we provide some background theory for you to understand the fundamentals of mobile application vulnerabilities, our primary concern is documenting the techniques you need to master to attack and exploit them. Where applicable, we include real-world examples derived from our many years of experience and from publically documented vulnerabilities.

🕴 @Phantasm_Lab