Wi-Fi cameras are popular due to their affordability and convenience but often have security vulnerabilities that can be exploited.

Introduction

AJCloud: A Brief Introduction

Initial Vulnerability Research Efforts

Initial Hardware Hacking

Wansview Cloud for Windows

Exploring the network communications

Advanced Hardware Hacking

Building a P2P Client

Impact

What did the vendors do right?

What did the vendors do wrong?

Mitigations

Key Takeaways

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

This research focuses on the importance of native audit logs in secure-by-design software, emphasizing the need for kernel-level ETW logging over user-mode hooks to enhance anti-tamper protections.

Preamble

Kernel ETW Events

Modern Kernel Event Providers

Legacy Kernel Event Providers

Modern Kernel Trace Providers

Legacy Kernel Trace Providers

Next Steps

Kernel ETW is the best ETW

Bring Your Own Vulnerable Driver (BYOVD) is an increasingly popular attacker technique whereby a threat actor brings a known-vulnerable signed driver alongside their malware, loads it into the kernel, then exploits it to perform some action within the kernel that they would not otherwise be able to do. Employed by advanced threat actors for over a decade, BYOVD is becoming increasingly common in ransomware and commodity malware.

Category

Perspectives

20 September 2024

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

Kernel ETW is the best ETW

Forget vulnerable drivers - Admin is all you need