The Shadow File

My notes on technology, security, and personal projects

Friday, February 20, 2015

Bowcaster Feature: multipart/form-data

Need to reverse engineer or exploit a file upload vulnerability in an embedded web server? I added a multipart/form-data class to Bowcaster...
Saturday, January 31, 2015

Patching, Emulating, and Debugging a Netgear Embedded Web Server

Previously I posted about running and remotely debugging a Netgear UPnP daemon using QEMU and IDA Pro. This time we’ll take on the challeng...
Saturday, January 03, 2015

Remote Debugging with QEMU and IDA Pro

It's often the case, when analyzing an embedded device's firmware, that static analysis isn't enough. You need to actually execu...
Tuesday, September 23, 2014

Exploit Tunneling and Callback

A few years ago, when I worked for my previous employer, I put together a proof-of-concept that was to be part of a client demo. I thought i...
Friday, May 16, 2014

Infiltrate 2014

Here are some additional resources I may have mentioned in my Infiltrate 2014 presentation. White Paper: SQL Injection to MIPS Overflows ...
Monday, December 30, 2013

Emulating and Debugging Workspace

A grad student emailed me in response to my Netgear auth bypass post. He's working on a research project and wanted to know if I knew...
Saturday, December 07, 2013

BayThreat 2013 Presentation - Additional Resources

For my presentation at BayThreat, entitled "BT Wireless Routers: Adventures in Reversing and Exploiting", rather than have one or ...
Thursday, October 24, 2013

Netgear Root Compromise via Command Injection

At the end of my post on the Netgear wndr3700v4's authentication bugs, I said to expect followup posts. Once the web interface is unloc...
Tuesday, October 22, 2013

Complete, Persistent Compromise of Netgear Wireless Routers

UPDATE: Turns out, Jacob Holocomb (@rootHak42 on Twitter) of Independent Security Evaluators found this bug back in April on a different d...
Wednesday, October 09, 2013

A Connect-back HTTP Exploit Server for Bowcaster

I've just added a module to Bowcaster that I think is cool. Actually, I just got around to finishing a module that was there all along....
Thursday, September 12, 2013

44CON Presentation - Additional Resources

Update December 2014: 44CON has posted the videos from all 2013 talks online. Unfortunately, they don't allow the videos to be embedded,...