• Security Camera Dynamic Analysis

    Continued from Security Camera Hacking … Overview and Goals The goal of this phase of my analysis is to learn more about the camera and any vulnerabilities it might have. I will use a traditional dynamic analysis approach, including: Recon\Intelligence Gathering Threat Modeling Vulnerability Analysis & Exploitation For reference, my standard setup can be found here. Phase 1 - Recon and Intelligence Gathering Before I start doing any recon though, I establish a screen session on my attack box in case I get disconnected.

  • Security Camera Hacking

    This post was inspired by some work we did almost two years ago, but never got around to fully documenting or reporting the issues to the vendor since this was just independent research. We wanted to have all of the attacks fully baked before reporting the issues, but then moved on to other projects. So I’ve decided to go back and redo all of the work on this to properly document everything.

  • Web Assessment Testing Configuration

    My standard testing process takes some a little work upfront, but I’ve found it’s easy to work with after the initial setup and is the most efficient way for me to manage different projects. First off, I typically funnel my traffic through a single egress point. Depending on the project, that might be a Kali box deployed at a client site, in a cloud instance, in my office lab, or even locally.

Big Breaks Come From Small Fractures.

You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.