URL: https://secur3.us/
Submission: On July 14 via api from US — Scanned from US



SECUR3.US

Hacks, Research, and Ramblings of Craig Young



DISCLAIMER

All information contained on this site is strictly for educational purposes.  Do
not conduct security assessments on devices you do not own or have explicit
permission to test.


ABOUT

Craig Young is a computer security researcher with Tripwire’s Vulnerability and
Exposures Research Team (VERT). He has identified and responsibly disclosed
dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe,
HP, Apple, and others. His research has resulted in numerous CVE assignments and
repeated recognition in the Google Application Security Hall of Fame. Craig’s
presentations on Google authentication weaknesses have led to considerable
security improvements for all Google users. Craig won in track 0 and track 1 of
the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10
0-day flaws in SOHO wireless routers. His research into iOS WiFi problems more
recently exposed CVE-2015-3728 that could allow devices to inadvertently connect
to malicious hot spots. Craig has also successfully employed fuzzing techniques
to find flaws in a variety of open source software including a memory corruption
in MatrixSSL that could be used to achieve code execution on at least 100,000
Internet gateways. More recently, Craig has turned his attention to flaws in
TLS/HTTPS implementations. Refer to ROBOT, Zombie POODLE, and GOLDENDOODLE for
more details.


TRAINING


IOT HACK LABS

Over the years, I’ve found dozens of vulnerabilities affecting a wide array of
embedded devices including routers, cameras, baby monitors, televisions, and
various home automation products. In 2015, I began documenting the tools and
techniques which worked best for me and developed a series of hands-on labs to
teach the fundamental skills of software based device hacking.

My training sessions and workshops have taught hundreds of students about how to
find and exploit bugs. All classes focus on lab exercises using a provided VM
along with an online learning portal. Most lab exercises make use of virtualized
vulnerable components from real-world devices that I have found vulnerabilities
in.

This year, I will be doing things a little differently by having a stronger
focus on building the fundamental Linux skills needed to perform effective
security audits.


BLACK HAT USA

Title: An Introduction To IoT Pentesting with Linux
Dates: August 5-6, 2019 (Las Vegas, USA)
Register Here

The goal of this class is to help students of all backgrounds learn how to
better use Linux for vulnerability research with an emphasis on IoT. This
two-day, comprehensive training covers topics ranging from basic router hacking
all the way to sophisticated DNS rebinding exploitation. Students will learn
fundamental Linux concepts needed to effectively analyze, emulate, and exploit
devices. Each lesson concludes with a walkthrough of different vulnerabilities
from initial analysis and discovery through exploitation.

Topics include:

 * Firmware component emulation
 * Router authentication bypass and password disclosure
 * HTTP command injection
 * UPnP API vulnerability
 * CSRF with automated target discovery
 * DNS rebinding

Students will learn about technologies and tools including:

 * QEMU
 * Binwalk
 * BASH
 * cURL
 * Python
 * JavaScript

--------------------------------------------------------------------------------


SECTOR 2019

Title: Brainwashing Embedded Systems Deep Dive
Dates: October 7-8, 2019 (Toronto, ON)
Registration Not Yet Open


CONFERENCES

Black Hat USA

2018 : Return of Bleichenbacher’s Oracle Threat (ROBOT) (Slides | USENIX)
2018 (training) : A Guided Tour of Embedded Software Hacks

Black Hat Asia

2019 : Zombie POODLE, GOLDENDOODLE & How TLSv1.3 Can Save Us All

DEF CON

2013 (21): Android WebLogin: Google’s Skeleton Key (Video | Slides)
2014 (22 – Wireless Village): Pineapple Abductions (Video)
2015 (23): How To Train Your RFID Hacking Tools (Video | Slides | WP)
2015 (23 – IoT Village): Smart Home Invasion (Video | Slides)
2016 (24): Brainwashing Embedded Systems (4-hr Workshop)
2017 (25): Brainwashing Embedded Systems (4-hr Workshop)

BSides SF

2013: Google-Jacking (Video | Slides)
2014: A Day In The Life (Of a Security Researcher) (Slides)
2016: Fuzz Smarter, Not Harder (An afl-fuzz Primer) (Video | Slides)

SECtor

2015-2017: Tripwire VERT IoT Hack Lab (Link)
2016-2017: Brainwashing Embedded Systems (8-hr Workshop)

AusCERT

2016: Brainwashing Embedded Systems (8-hr Workshop)

Infosec Europe

2015 Intelligent Defence: Smart Home Invasion (Clip | Slides)

2019 Geek Street: The Art of DNS Rebinding

BSides London

2014: A Day In The Life (Of a Security Researcher) (Video | Slides)

JOINSec

2014: Exploiting Trust In the Google Ecosystem (Clip)


VULNERABILITIES

This page is a partial listing of vulnerabilities I’ve found in recent years. 




CVE

CVE               Product
CVE-2019-10081    Apache httpd: mod_http2, read-after-free in h2 connection shutdown
CVE-2019-10082    Apache httpd: mod_http2, memory corruption on early pushes
CVE-2019-0196     Apache httpd: mod_http2+scoreboard, Use-After-Free (READ)
CVE-2019-5592     FortiOS SSL Deep Inspection TLS Padding Oracle Vulnerabilities (GOLDENDOODLE and Zombie POODLE)
CVE-2019-6593     CBC padding oracles on F5 products (GOLDENDOODLE and Zombie POODLE)
CVE-2019-6485     CBC padding oracles on Citrix products (GOLDENDOODLE and Zombie POODLE)
CVE-2018-20783    PHP Heap Overflow in PHAR access
CVE-2018-10549    PHP Heap Overflow in Exif
CVE-2018-1333     Apache HTTP2 DoS
CVE-2017-13099    WolfSSL (ROBOT)
CVE-2017-1000385  Erlang (ROBOT)
CVE-2017-13098    Bouncy Castle (ROBOT)
CVE-2017-12373    Cisco ASA (ROBOT)
CVE-2017-17428    Cisco ACE (ROBOT)
CVE-2017-17427    Radware Alteon (ROBOT)
CVE-2017-17382    Citrix NetScaler (ROBOT)
CVE-2017-6168     F5 Networks (ROBOT)
CVE-2017-2339     Juniper ScreenOS
CVE-2017-2338     Juniper ScreenOS
CVE-2017-2337     Juniper ScreenOS
CVE-2017-2336     Juniper ScreenOS
CVE-2017-2335     Juniper ScreenOS
CVE-2017-12934    PHP Unserialize() #3
CVE-2017-12933    PHP Unserialize() #2
CVE-2017-12932    PHP Unserialize() #1
CVE-2016-6892     MatrixSSL
CVE-2016-6891     MatrixSSL
CVE-2016-6890     MatrixSSL
CVE-2016-10050    ImageMagick
CVE-2016-1000216  Ruckus Zone Flex APs
CVE-2016-1000215  Ruckus Zone Flex APs
CVE-2016-1000214  Ruckus Zone Flex APs
CVE-2016-1000213  Ruckus Zone Flex APs
CVE-2015-5878     Apple OS X
CVE-2015-5447     HP StorOnce
CVE-2015-5446     HP StorOnce
CVE-2015-5445     HP StorOnce
CVE-2015-3728     Apple iOS
CVE-2014-9700     MiOS MiCasa Vera Lite (media)
CVE-2014-9699     Makerbot Replicator 5th Gen 3D Printer
CVE-2014-9698     Makerbot Replicator 5th Gen 3D Printer
CVE-2014-9064     Samsung SmartThings Hub
CVE-2014-9063     MiOS MiCasa Vera Lite (media)
CVE-2014-9062     MiOS MiCasa Vera Lite (media)
CVE-2014-9061     MiOS MiCasa Vera Lite (media)
CVE-2014-9011     Wink Hub (media)
CVE-2014-9010     Wink Hub (media)
CVE-2014-9009     Wink Hub (media)
CVE-2014-9008     Belkin NetCam Wi-Fi Camera (TV demo)
CVE-2014-9007     Stratus ftServer BMC
CVE-2014-8007     Stratus ftServer BMC
CVE-2014-8006     Stratus ftServer BMC
CVE-2014-8005     Stratus ftServer BMC
CVE-2014-8004     Stratus ftServer BMC
CVE-2014-8003     Stratus ftServer BMC
CVE-2014-8002     Stratus ftServer BMC
CVE-2014-8001     Stratus ftServer BMC
CVE-2014-8000     Stratus ftServer BMC
CVE-2014-7973     QNAP Turbo 4.1.1
CVE-2014-7972     QNAP Turbo 4.1.1
CVE-2014-7964     QNAP Turbo 4.1.1
CVE-2014-7963     QNAP Turbo 4.1.1
CVE-2014-7962     QNAP Turbo 4.1.1
CVE-2014-7961     QNAP Turbo 4.1.1
CVE-2014-7160     LANDesk 9.5.1 for OS X
CVE-2014-6447     Pineapple WiFi
CVE-2014-6446     Pineapple WiFi
CVE-2014-6445     Pineapple WiFi
CVE-2014-6444     Pineapple WiFi
CVE-2014-6442     Application Crash Reporter for Android
CVE-2014-6441     HBO Go Android App
CVE-2014-6226     Pineapple WiFi
CVE-2014-6225     Pineapple WiFi
CVE-2014-6224     Pineapple WiFi
CVE-2014-6223     Pineapple WiFi
CVE-2014-5486     Belkin N900
CVE-2014-5485     Belkin N900
CVE-2014-5484     D-Link DIR-865L
CVE-2014-5483     TrendNET TEW-812DRUV2
CVE-2014-5482     NETGEAR Centria
CVE-2014-5481     NETGEAR Centria
CVE-2014-5480     NETGEAR Centria
CVE-2014-5479     NETGEAR Centria
CVE-2014-5478     Linksys EA6500
CVE-2014-5477     Uber Android App
CVE-2014-5476     Pineapple WiFi
CVE-2014-5475     NETGEAR WNDR4700
CVE-2014-5474     Asus RT-AC66U
CVE-2014-4426     Apple OS X
CVE-2014-4016     Zencart
CVE-2014-4015     Zencart
CVE-2014-2641     HP System Management Homepage
CVE-2014-2566     PHONE for Google Voice & GTalk
CVE-2014-2530     Hyundai BlueLink App
CVE-2014-1954     Zoneminder
CVE-2014-1953     Zoneminder
CVE-2014-1952     Zoneminder
CVE-2014-1951     Zoneminder
CVE-2014-1920     Cisco CHS 435HDC DVR
CVE-2014-1919     NETGEAR WNR2000v3
CVE-2014-1918     Linksys WRT110 v8
CVE-2014-1917     Linksys WRT110 v8
CVE-2014-1898     Tenda A5 Travel Router
CVE-2014-1897     Tenda A5 Travel Router
CVE-2014-1857     Precor Elliptical 1110 E
CVE-2014-1856     Loftek (and others)
CVE-2014-0570     Adobe ColdFusion
CVE-2013-7150     Asus RT-N16
CVE-2013-7056     NETGEAR WGR614v9
CVE-2013-7037     Zoom 5341J Cable Modem
CVE-2013-7036     Zoom 5341J Cable Modem
CVE-2013-6115     NETGEAR ReadyNAS
CVE-2013-5982     NETGEAR ReadyNAS
CVE-2013-5981     NETGEAR ReadyNAS
CVE-2013-5949     Asus RT-N16
CVE-2013-5948     Asus RT-N16
CVE-2013-5947     Asus RT-N16
CVE-2013-5928     Linksys E1200
CVE-2013-5927     Asus RT-N16
CVE-2013-5926     D-Link DIR-615
CVE-2013-5925     EnGenius ESR1750
CVE-2013-5924     EnGenius ESR1750
CVE-2013-5923     Linksys E1200
CVE-2013-5922     Linksys E1200
CVE-2013-5921     Linksys E1200
CVE-2013-5737     Asus RT-N16
CVE-2013-5736     Asus RT-N16
CVE-2013-5735     Asus RT-N16
CVE-2013-5734     D-Link DIR-615
CVE-2013-5733     D-Link DIR-615
CVE-2013-5732     D-Link DIR-615
CVE-2013-5731     D-Link DIR-615
CVE-2013-5682     NETGEAR Many Models
CVE-2013-5681     NETGEAR Many Models
CVE-2013-5577     NETGEAR Many Models
CVE-2013-4796     Review Board
CVE-2013-4795     Review Board
CVE-2013-4052     IBM WebSphere
CVE-2013-3683     Arcor-Easy Box A 300
CVE-2013-3682     Arcor-Easy Box A 300
CVE-2013-3568     Linksys/Cisco WRT110
CVE-2013-3547     Motorola VT2442 Router
CVE-2013-3546     Motorola VT2442 Router
CVE-2013-3545     Motorola VT2442 Router
CVE-2013-3314     Loftek (and others)
CVE-2013-3313     Loftek (and others)
CVE-2013-3312     Loftek (and others)
CVE-2013-3311     Loftek (and others)
CVE-2013-3293     NETGEAR WNDR3700v2
CVE-2013-3292     NETGEAR WNDR3700v2
CVE-2013-3291     NETGEAR WNDR3700v2
CVE-2013-2752     NETGEAR ReadyNAS
CVE-2013-2751     NETGEAR ReadyNAS
CVE-2013-2745     miniDLNA
CVE-2013-2739     miniDLNA
CVE-2013-2738     miniDLNA
CVE-2013-2600     MiniUPnPd
CVE-2013-2209     Review Board
CVE-2013-0544     IBM WebSphere
CVE-2013-0542     IBM WebSphere
CVE-2012-6466     Cloudshark
CVE-2012-6458     SilverStripe e-commerce Module
CVE-2012-6457     phpScheduleIt
CVE-2012-6455     Cloudshark
CVE-2012-6297     DD-WRT v24-sp2
CVE-2012-6296     miniDLNA / ReadyNAS
CVE-2012-6295     miniDLNA / ReadyNAS
CVE-2012-6294     miniDLNA / ReadyNAS
CVE-2012-6293     mt-daapd / ReadyNAS
CVE-2012-6292     mt-daapd / ReadyNAS


CVE UNAVAILABLE

PCRE Stack Corruption
WordPress SmartyWP Plugin


CONTACT

Twitter: @CraigTweets
LinkedIn: CraigATL
GitHub: cy1337
H1: cy1337

vuln-report at secur3 dot us
PGP ID: 9868 924D D33C ADD8 6770 2967 59EC F804 0319 EC49