Anyone Can Find This IoT Security Vulnerability!

https://www.tcm.rocks/hh-y - Learn hardware and IoT hacking in the TCM Security Academy! It's one of the 25+ courses available when you purchase an All-Access Membership.

Can anyone find an IoT vulnerability? Even people who don't know anything about hardware hacking or IoT Security? Andrew Bellini believes that they can, and in this video, he walks through how to find this specific vulnerability (command injection.) Watch as he shares the methodology that he uses to find vulnerabilities exactly like this in the wild.

#cybersecurity #iotsecurity #hardwarehacking #iot #pentesting

Go even further with the PIPA, the Practical IoT Pentest Associate. Get the PIPA here: https://www.tcm.rocks/pipa-y

Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com

📱Social Media📱
___________________________________________
X: https://x.com/TCMSecurity
Twitch:   / thecybermentor  
Instagram:   / tcmsecurity  
LinkedIn:   / tcm-security-inc  
TikTok:   / tcmsecurity  
Discord:   / discord  
Facebook:   / tcmsecure  

Timestamps:
0:00: Intro
1:15: What is Command Injection
2:13: Getting the firmware
5:02: Unpacking firmware
9:50: Enumerating root file system
17:07: TCM certification message
17:41: Exploring web interface
23:59: Tracing logging strings to binaries and libs
26:53: Reverse engineering with Ghidra
32:56: Exploiting vulnerability

Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk

My Build:
lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones: https://amzn.to/31MOgpu

My Recording Equipment:
Panasonic G85 4K Camera: https://amzn.to/2Mk9vsf
Logitech C922x Pro Webcam: https://amzn.to/2LIRxAp
Aston Origin Microphone: https://amzn.to/2LFtNNE
Rode VideoMicro: https://amzn.to/309yLKH
Mackie PROFX8V2 Mixer: https://amzn.to/31HKOMB
Elgato Cam Link 4K: https://amzn.to/2QlicYx
Elgato Stream Deck: https://amzn.to/2OlchA5

*We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.