Today we’re going to learn how security researchers work. Jacob Holcomb is a principal researcher at Baltimore’s Independent Security Evaluators (ISE), where he’s worked on SOHOpelessly Broken, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON in IoT Village.
He’s a penetration tester who has presented at BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. During this livestream, Holcomb will show us a now-patched vulnerability in the ASUS RT-N56U router. He’s going to exploit a stack-based buffer overflow to get full remote access. An attacker with a root shell on a router could man-in-the-middle internet traffic to steal credentials or monitor that traffic to setup more attacks on other targets in that router's network.
Holcomb and our security reporter Lorenzo Franceschi-Bicchierai will walk you through step-by-step to explain how these exploits were used to find a vulnerability in the router. We will show how to reverse engineer the router's web server and the development of the exploit to gain full remote access on the router. To be clear, this exploit was responsibly disclosed to ASUS and has been patched. The vulnerability no longer exists. If you own the router, you should make sure you’re using the latest firmware.
This is part of How Hacking Works, a series of stories that demystifies the art of security research in hopes of improving digital security across the board.