11 April, 2018

Reflecting upon OWASP TOP-10 IoT Vulnerabilities

It’s no secret the implementation of security mechanisms and services in embedded devices is far from perfect. Known categories of vulnerabilities of smart devices are well described in Top IoT Vulnerabilities. To prove the relevance of this list, we’ve provided examples of vulnerable devices for each type. We hope, it’ll demonstrate the full scale of
29 March, 2018

Cisco Smart Install Remote Code Execution

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow [CWE-20], [CWE-121] Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0) A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely execute arbitrary code without authentication. So it allows getting full control over a vulnerable network equipment. Smart Install
7 March, 2018

DJI Spark hijacking

It is no pleasant experience at all for anyone to get the valuable property bought with the money you have earned with your blood, sweat, and tears stolen by some unknown cybercriminal. The Internet of Things (IoT) is developing with the rapid pace, and the devices that can be controlled remotely have become an indispensable
11 January, 2018

SCADA And Mobile Security In The Internet Of Things Era

Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”

Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.

14 November, 2017

Skeleton in the closet. MS Office vulnerability you didn’t know about

Introduction What is the beginning of a typical research? Any research begins with detecting vulnerabilities with common tools. Although the process does not require much time and effort, it works well.Detection procedure is focused on vulnerabilities in third-party libraries used in outdated software and widely known to the IT community. A developer creates different versions
10 November, 2017

How To Cook Cisco

Introduction This white paper is intended to reveal intricacies of Cisco vulnerabilities exploitation. All the information presented in this research is based on our experience and updates other researchers’ experience and knowledge. The very process of exploiting Cisco vulnerabilities depends heavily on a specific vulnerability and a gadget. We encourage you to think of the