This is a fun write-up.
-
This is a fun write-up. @da_667 it's not something you can write sigs for but you might find it interesting anyway.
A Route to Root in a 4G Industrial Router
A journey into the USR-G806AU 4G LTE industrial router. From fake root accounts to real and undocumented root accounts, and the discovery of hardcoded credentials that expose devices to remote compromise.
Tanto Security (tantosec.com)
H / T @buherator
-
This is a fun write-up. @da_667 it's not something you can write sigs for but you might find it interesting anyway.
A Route to Root in a 4G Industrial Router
A journey into the USR-G806AU 4G LTE industrial router. From fake root accounts to real and undocumented root accounts, and the discovery of hardcoded credentials that expose devices to remote compromise.
Tanto Security (tantosec.com)
H / T @buherator
@cR0w @da_667 @buherator oh no not again
-
@cR0w @da_667 @buherator oh no not again
@h2onolan @da_667 @buherator At least it's a well written tire fire.
-
@h2onolan @da_667 @buherator At least it's a well written tire fire.
@cR0w i liked the ghidra asides.
A while back, cradlepoint shipped some vulnerable sierra crap that allowed an attacker to do unauthed proxy, running up huge data bills on remote well installations. Fun times- thanks for the traumatic stress flashback
-
@cR0w i liked the ghidra asides.
A while back, cradlepoint shipped some vulnerable sierra crap that allowed an attacker to do unauthed proxy, running up huge data bills on remote well installations. Fun times- thanks for the traumatic stress flashback
@h2onolan I swear I find a new Sierra device in our org like monthly. Undocumented but there's always one person who knows what it is so it's fine it's all fine. Or so I'm told.
-
This is a fun write-up. @da_667 it's not something you can write sigs for but you might find it interesting anyway.
A Route to Root in a 4G Industrial Router
A journey into the USR-G806AU 4G LTE industrial router. From fake root accounts to real and undocumented root accounts, and the discovery of hardcoded credentials that expose devices to remote compromise.
Tanto Security (tantosec.com)
H / T @buherator
@cR0w @da_667 @buherator
> [The Pi] had been looking at me longingly, much like the Flipper Zero we all have in our bottom desk drawer, each hoping for something to do.DUDE.
-
@cR0w @da_667 @buherator
> [The Pi] had been looking at me longingly, much like the Flipper Zero we all have in our bottom desk drawer, each hoping for something to do.DUDE.
@FritzAdalis @da_667 @buherator Feeling a bit called out?
-
@FritzAdalis @da_667 @buherator Feeling a bit called out?
@cR0w @FritzAdalis @buherator I have an ancient 512mb pi sitting in one of my shelf cubbies, connected to an unplugged samsung wall wort just staring a hole into the back of my head right now.
-
@cR0w @FritzAdalis @buherator I have an ancient 512mb pi sitting in one of my shelf cubbies, connected to an unplugged samsung wall wort just staring a hole into the back of my head right now.
@cR0w @FritzAdalis @buherator oh yeah, that doesn't include the one with 4gb of ram, sitting in a water-resistant otter-box knockoff case, that can't stare me down.
-
R relay@relay.infosec.exchange shared this topic
