This post extends the poster I’ve presented to DFRWS EU 2022 in Oxford with additional images of the devices that were burned and analyzed for this experiment.
Enjoy!
Continue reading “Physical Analysis of Damaged IoT Devices – DFRWS EU 2022 Poster”
DHCP Relay on Vyos through Wireguard/IPSec-VTI | A tale of sufferance…
Last week I had a simple idea, upgrade a xiaomi openwrt router to a whitebox running esxi, vyos and a couple other applications.
My current homelab setup was a site-to-site using Wireguard between the openwrt router and a USG3 with DHCP relayed from the remote (openwrt) site to the main site’s DCs, both sites are behind NAT (thanks to ISP routers without bridging -_- ) and thus wireguard is the best choice.
Checking vyos doc, wireguard is present, vyos has a dhcp-relay functionality. All good, should be as easy as installing vyos and configuring everything, right? Riiight? Continue reading “DHCP Relay on Vyos through Wireguard/IPSec-VTI | A tale of sufferance…”
[CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products
The preface of the disclosure of CVE-2018-16225 (https://blog.francescoservida.ch/2018/09/16/cve-2018-16225-public-disclosure-qbee-camera-vulnerability/) contained a little lie: I did not find one vulnerability during the research for my master thesis, but four, three of which were still being patched by the vendor/under the 90 days disclosure timeframe given to the vendor. Continue reading “[CVE-2018-16222 to 16225] Multiple Vulnerabilities in QBee and iSmartAlarm Products”
[CVE-2018-16225] Public Disclosure – QBee Camera Vulnerability
During the research for my master thesis on IoT forensics: “Internet of Things: Traces, Vulnerabilities and Forensic Challenges” (more about it in the future), I found one vulnerability in the QBee Multisensor Camera (https://qbeecam.com/).
Continue reading “[CVE-2018-16225] Public Disclosure – QBee Camera Vulnerability”