Our customized threat modeling identifies vulnerabilities within your security posture that puts your most valuable organizational and client data — the crown jewels — at risk.
Our security audits and vulnerability assessments are based on industry standards and best practices to assess weaknesses in your cloud environment and network, as well as mobile and web-based apps.
Our sophisticated testing services delve into your network, smart devices and other systems to expose critical security deficiencies.
Continued from Security Camera Hacking …
Overview and Goals The goal of this phase of my analysis is to learn more about the camera and any vulnerabilities it might have. I will use a traditional dynamic analysis approach, including:
Recon\Intelligence Gathering Threat Modeling Vulnerability Analysis & Exploitation For reference, my standard setup can be found here.
Phase 1 - Recon and Intelligence Gathering Before I start doing any recon though, I establish a screen session on my attack box in case I get disconnected.
This post was inspired by some work we did almost two years ago, but never got around to fully documenting or reporting the issues to the vendor since this was just independent research. We wanted to have all of the attacks fully baked before reporting the issues, but then moved on to other projects. So I’ve decided to go back and redo all of the work on this to properly document everything.
My standard testing process takes some a little work upfront, but I’ve found it’s easy to work with after the initial setup and is the most efficient way for me to manage different projects.
First off, I typically funnel my traffic through a single egress point. Depending on the project, that might be a Kali box deployed at a client site, in a cloud instance, in my office lab, or even locally.
You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.
© 2020 FRACTURE LABS, LLC ALL RIGHTS RESERVED