How many 0days can a research team discover in 4 years of vulnerability research in IoT? How many of them are relevant and can be used even today? How to get started (or advance further) with IoT vulnerability research? This talk will answer all these questions and show some hands-on shell-popping and authentication bypasses as well as some new stuff being published especially for RSAC 2021.


RSA® Conference, the world’s leading information security conferences and expositions, concluded its 30th annual event, which took place as a fully virtual experience this week. This year’s theme was Resilience, and in honor of all that the cybersecurity industry has accomplished over the past three decades, offered a must-attend celebration of thought leadership and education.


More than 20,000 people registered to view 449 sessions including, keynotes, track sessions, interactive programs, tutorials, seminars, and many special digital-first programs that focused on best practices and innovation. The content covered many of the industry’s most pressing topics, including privacy, machine learning and artificial intelligence, analytics, anti-fraud, policy and government, and risk management and governance.

4 Years of IoT Vulnerability Research and Countless 0days - A Retrospective

Conference: RSA Conference 2021

Abstract

Post a comment

Related work

Zero bugs found? Hold my Beer AFL! How To Improve Coverage-Guided Fuzzing and Find New 0days in Tough Targets

Let’s Cook: Contextual Vulnerabilities are the Ingredients and OWASP Top 10 Mapping the Seasoning

The Unbelievable Insecurity of the Big Data Stack: An Offensive Approach to Analyzing Huge and Complex Big Data Infrastructures