Josh
@boredpentester
Followers
692
Following
5K
Statuses
1K
Embedded device security researcher / VR / Pwn2Own / RE
Joined September 2018
I've put together a new blog post! This one re-treads @bl4sty's earlier AMLogic research but takes my own approach to exploit development, with an 'alternative' vulnerability and an emulator. Just for fun!
1
24
50
RT @udunadan: This 1000% applies to vulnerability research & exploit development. I think it's even the single most defining thing about thβ¦
0
3
0
Unfortunately, this year all I found was bound checks and non exploitable bugs, but I'm sure I'll find some cool heap overflow issues soon!
1
0
2
Even with typical IDA plugins like VulFi, this process is labourious at scale and simply checking imports doesn't provide enough context. So I've improved my automation to detect known unsafe function use in libraries, their xrefs, and whose calling those xrefsπ€ .
1
0
1
The Kenwood IVI for example, it has an almost monolithic structure where the one Infotainment binary employs many custom libraries for things like image resizing, calling into audio codecs, or doing string parsing. There are other components of course, but this is a big one.
1
0
2
0
0
1
πππ
Confirmed! @SinSinology of @SummoningTeam combined a couple of bugs to exploit the WOLFBOX charger and introduce it to the world of #Pwn2Own. His efforts earn him $50,000 and 5 Master of Pwn points.
0
0
5
πππ
Whew! It took two attempts but the @Synacktiv team successfully exploited the #ChargePoint EV Charger and demonstrated signal manipulation over the connector. They are off to the disclosure room to go over how they did it. #P2OAuto #Pwn2Own
0
0
0
Now that Pwn2Own Automotive is almost out of the way, what targets are you looking forward to working on next?
0
0
0
RT @Raspberry_Pi: Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In cβ¦
0
204
0