UPnP sucks, everybody knows it, especially blackhat proxy operators.  UPnProxyPot was developed to MITM these operators to see what they're doing with their IoT proxy networks and campaigns.  We'll cover SSDP, UPnP, UPnProxy research/campaigns as well as cover a new Golang based honeypot, so we can all snoop on them together!

REFERENCES:
http://www.upnp-hacks.org (OG disclosure)
https://www.youtube.com/watch?v=FU6qX0-GHRU (DEF CON 19 talk I attended)
https://www.akamai.com/us/en/multimedia/documents/white-paper/upnproxy-blackhat-proxies-via-nat-injections-white-paper.pdf (my initial UPnProxy research)
https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html (additional UPnProxy campaign researcher, also mine)

DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.

UPnProxyPot: fake the funk, become a blackhat proxy, MITM their TLS, and scrape the wire

Conference: Defcon 29

Abstract

Post a comment

Related work