登录查看更多内容

Don't ship your shell command history

Jason Tang

Staff Reverse Engineer at Dragos

发布日期: 2022年9月10日

When analyzing embedded and IoT devices, check for the presence of a shell command history. The results are sometimes surprising. Likewise, if you're preparing for a pentest engagement with a device vendor and can get your hands on their product, the command history can provide useful insights into the client's network and security practices.

I recently came across a good example of this after performing a chip-off flash dump of a popular wireless access product. The product shipped with a firmware image containing the bash_history used in its initial provisioning. This leaked some interesting artefacts such as:

- Internal vendor IP addresses

- Weak internal vendor FTP credentials

- Internal CA private key (KEK) used for certificates

Vendors - always delete the shell history in your firmware before you ship!

#hacking #reverseengineering #computersecurity

Ionatan Waisgluss

Cybersecurity/Privacy/OSINT Professional | CIPP/C | PI | CCI | Security+

2 年

Important to think about, thanks for sharing!

1 次回应

要查看或添加评论，请登录

Jason Tang的更多文章

GhidrAssist: An LLM Extension for Ghidra

2024年9月29日

GhidrAssist: An LLM Extension for Ghidra

I'm excited to share a project I've been working on in my spare time - it's a plugin for Ghidra called GhidrAssist…

3 条评论
The Ghost of OllyDbg

2023年8月29日

The Ghost of OllyDbg

We're all busy. Hiring is a chore.

2 条评论
ChatGPT Turing Completeness

2023年3月9日

ChatGPT Turing Completeness

Did you know, with the right prompting, ChatGPT can emulate a Turing machine with fairly high fidelity? I'm sure with…
A Challenge Badge Memoir

2022年12月16日

A Challenge Badge Memoir

Today, my former colleagues at Field Effect each received their 2022 Challenge Badge at their Christmas get-together…

6 条评论
TEE-ing off - Or why adding a socket listener to tee-supplicant is not a recipe for success

2022年9月22日

TEE-ing off - Or why adding a socket listener to tee-supplicant is not a recipe for success

Here's another story of woe (whoa?) that is interesting in the threat surface it exposed. First a little background.
Cryptographic Oracles - A Practical Example

2022年9月11日

Cryptographic Oracles - A Practical Example

As security researchers, we sometimes view cryptographic weaknesses as more academic curiosity than practical threat…

See all articles

Don't ship your shell command history

Jason Tang

Staff Reverse Engineer at Dragos

Jason Tang的更多文章

社区洞察

其他会员也浏览了

Did You Know That Anyone Can See Your CCTV Video, Even When It's Encrypted?

Does Convergence Spell The End For Integrators

4 REASONS WI-FI 6 IS BETTER THAN WI-FI 5

Save the date: ICS Cybersec Israel 2021

How to Stop Your Home From Getting Hacked

SECURITY: THE AV WAY OR THE IOT WAY

A step toward a more secure IoT market

What is the impact of the Internet of Things on distributed denial-of-service attacks?

Launching SGS’s ?IoT Security Checked Label” for Smart Home-, Consumer IoT Devices and Smart Toys

Is It Time to Start Certifying Connected Devices?

Jason Tang的更多文章

GhidrAssist: An LLM Extension for Ghidra

The Ghost of OllyDbg

ChatGPT Turing Completeness

A Challenge Badge Memoir

TEE-ing off - Or why adding a socket listener to tee-supplicant is not a recipe for success

Cryptographic Oracles - A Practical Example

社区洞察

其他会员也浏览了

Did You Know That Anyone Can See Your CCTV Video, Even When It's Encrypted?

Does Convergence Spell The End For Integrators

4 REASONS WI-FI 6 IS BETTER THAN WI-FI 5

Save the date: ICS Cybersec Israel 2021

How to Stop Your Home From Getting Hacked

SECURITY: THE AV WAY OR THE IOT WAY

A step toward a more secure IoT market

What is the impact of the Internet of Things on distributed denial-of-service attacks?

Launching SGS’s ?IoT Security Checked Label” for Smart Home-, Consumer IoT Devices and Smart Toys

Is It Time to Start Certifying Connected Devices?