Скачать с ютуб LIVESTREAM: How We Discovered New Vulnerabilities in the Buffalo TeraStation TS5600D1206 NAS в хорошем качестве

LIVESTREAM: How We Discovered New Vulnerabilities in the Buffalo TeraStation TS5600D1206 NAS

Blog with more details on the vulns found in this device: https://blog.securityevaluators.com/b... Follow us on:   / isesecurity     / iotvillage   Website: https://www.securityevaluators.com https://blog.securityevaluators.com Abstract: The ongoing research conducted by ISE Labs has discovered a wide range of vulnerabilities in small-office/home-office (SOHO) devices, totalling over 100 CVE-worthy vulnerabilities so far. However, discovering vulnerabilities is not the only goal of ISE Labs’ efforts — We also aim to share our findings and pass on the knowledge we have gained. That’s what this livestream is for. We’re going to cover a few simple yet severe vulnerabilities in the Buffalo TeraStation TS5600D1206. This network attached storage (NAS) dvice, aimed at small businesses, happens to have some functionalities that do their job just a little too well. We’ll cover vulnerabilities leading to authentication bypass, command injection, arbitrary file upload, etc. In doing so, we’ll go over the methods used to discover these vulnerabilities and demonstrate just how much damage an attacker could do. Bio: Ian Sindermann is an Associate Security Analyst at Independent Security Evaluators (ISE), where he conducts rigorous security assessments of various computer hardware and software products. With a primarily self-taught education and prior experience as a wannabe sysadmin, his background lies in web application security, IoT devices, and *NIX systems. Insatiable curiosity has led to a variety of other interests including hardware hacking, legacy systems, mainframes, and whatever tech obscurities he can get his hands on.