From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface - Daan Keuper - NDC Security 2026 скачать в хорошем качестве

From WAN to NAS: A Pwn2Own Journey Through the SOHO Attack Surface - Daan Keuper - NDC Security 2026

This talk was recorded at NDC Security in Oslo, Norway. #ndcsecurity #ndcconferences #security #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndc-security.com/ Subscribe to our YouTube channel and learn every day: ‪@NDC‬ Follow our Social Media!   / ndcconferences     / ndc_conferences     / ndc_conferences   #hacker #iot The SOHO Smashup is a famous category in the IoT focused edition of Pwn2Own. Contestants are challenged to exploit a router from the WAN side and then use that device to exploit a second device on the internal LAN. Last year, we took them up on this challenge and successfully demonstrated a 0day exploit chain against a QNAP router and pivoting to a TrueNAS system. In this presentation, we'll describe how we performed our research and the vulnerabilities we found. The Dutch NCSC issued a warning last year that they see an increase of threat actors that shift their attention from endpoints to edge devices, including routers. This demonstrates the relevance of the SOHO Smashup category in Pwn2Own. Vulnerabilities in routers that could be exploited from the WAN side pose a real security risk for companies; as these devices are often badly monitored and not kept up to date. Threat actors who are able to compromise a router are in a key position to further advance into the internal network of a company. In this talk we'll describe the vulnerabilities and exploits. Specifically, we'll describe our research method on the QNAP router. We tried to increase our attack surface step by step, until we found a reliable exploitation path.