IoT Hacking - Polycom Conference Phone - Web Exploitation

8,653 views

Matt Brown

2 months ago

In this video we demonstrate some typical web application analysis performed when security testing IoT devices.
gist.github.com/probonopd/f60...
cve.mitre.org/cgi-bin/cvekey....
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nmatt0/
#hacking #iot #cybersecurity #privacy #wireshark

Comments: 31
@funkadellicd 2 months ago
So pumped that you're putting these out so frequently. I found your channel recently and was sad when I blew through some of your other vid series so fast and you started back up just in time!
@franklinodom4259 2 months ago
Big same, I thought I missed the Matt boat, stoked to see new uploads!
@TradieTrev 2 months ago
Well done Matt! Great series on the Polycom, I do enjoy your unscripted style!
@OnlyVoltsRT 2 months ago
Hey Matt. Really cool! I usually practice classic hacker stuff like web pentesting, CTF, HackTheBox, etc etc... and I'm really curious about other hacking areas like firmware extraction, IoT hacking, etc. In this video you join the 2 things, making really, really cool content. Well done!
@matheuscezar6309 2 months ago
Every new video it's a new learning. Thanks a lot! I speak from Brazil!!
@WangLees 2 months ago
Keep up the great work Matt!
@saireddy9707 1 month ago
Awesome work Matt, great fan of your work. Keep doing such awesome content. Happy to see such great researchers like you in our infosec space who are always ready to contribute and educate.
@amaama4140 2 months ago
Great video, can't wait to see your firmware analysis video.
@ingermany1523 2 months ago
Keep it up. Really nice content. I am glad that I somehow manage to find your channel and to subscribe.
@j3ssh594 2 months ago
Awesome stuff Matt, You are the GOAT 🐐
@OfficialProjectSMP 2 months ago
Suggestion: number the episodes in this series for posterity 😊
@martinskorvald2121 1 month ago
Why not try opening the S3 bucket to see if all versions of the firmware are there and maybe more things to use for investigation?
@edwinking4407 2 months ago
Fine and great video.
@tylersharpe9413 2 months ago
Thanks for sharing info on how to do stuff like this.
@Electrically-Electronic 2 months ago
Great keep it up.
@distortions 2 months ago
subbed!
@tubes41 1 month ago
I wonder if you could just change the HTTP request to the polycom download server to get all the earlier versions of the firmware and their download links?
@joshpontes1366 2 months ago
What microscope do you use? I got a little tomlov one on Amazon and haven’t been happy with it
@mattbrwn 2 months ago
It's an Amscope. Same one Louis Rossmann uses.
@VillageShorts36 2 months ago
Hi, I have sti7111 boards. Can we open UART access?
@doubled8511 26 days ago
Which linux distro are you using?
@mattbrwn 26 days ago
arch linux :)
@matheuscezar6309 2 months ago
The "/languages" endpoint looks like a LFI 🤔
@mattbrwn 2 months ago
I tried that! no luck :(
@majed3469 2 months ago
If they use RTOS in their firmware, where is the web application source code?
@lmaoroflcopter 2 months ago
It would be a nice spot for xml injection.
@Tech2C 2 months ago
All these business comms devices have been supplanted by MS Teams nowadays
@2Fast4Mellow 1 month ago
They are not. I visit a lot of larger corporations and they still use physical voip devices. You can't use MS Team/Skype/SlackWare/Zoom/Jitsi/Matrix-Synapse/GoogleMeet to contact regular people. The other person(s) have to use the same software. We do use HTML5 WebRTC sip (software) phone for customer/service desk (callcenter) solutions, but they are all running behind Kamailio/Asterisk PBX setups. Board rooms are still using these conference bridge phones. They are still the norm to quickly get a whole bunch of different people together and they are all using their own hardware. Good luck getting a zoom link to your ISP service desk. Even when you are in a meeting and need a quick update of a specific project, they call an extension, ask the question and get an answer directly or they get called back. Ever tried to order a pizza with MS Teams? Works much better with last century technology... Conference software have their place, but in general are only used to communicate with familiar people. When you need to contact someone you don't know, most people use the plain old telephone...