Difference between revisions of "Hardware Hacking"
(Created page with "*https://voidstarsec.com/training.html *https://www.youtube.com/watch?v=hV8W4o-Mu2o&ab_channel=stacksmashing *https://hackaday.com/2019/08/15/uncovering-the-echo-dots-hidden-u...") |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == Responsible and Ethical Disclosure== | ||
+ | |||
+ | Any work that we do under our hardware hacking will follow the principals whereby, to be a viable target, we must physically own it and it must not be in use. After this any vulnerabilities found will follow the well established "Coordinate Vulnerability Disclosure" [1], also used by Google Project Zero to provide a: | ||
+ | |||
+ | 90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix | ||
+ | |||
+ | == Isolated Skills == | ||
+ | |||
+ | *[[Bus Pirate]] | ||
+ | *[[Arm 64 Assembly]] | ||
+ | *[[Firmware Analysis]] | ||
+ | |||
+ | == Links === | ||
+ | |||
*https://voidstarsec.com/training.html | *https://voidstarsec.com/training.html | ||
*https://www.youtube.com/watch?v=hV8W4o-Mu2o&ab_channel=stacksmashing | *https://www.youtube.com/watch?v=hV8W4o-Mu2o&ab_channel=stacksmashing | ||
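Review bot: the added heading `== Links ===` opens with two equals signs and closes with three, which leaves a stray `=` in the rendered heading; it should be `== Links ==`. In the added disclosure paragraph, "principals" should be "principles", and "Coordinate Vulnerability Disclosure" should be "Coordinated Vulnerability Disclosure" to match the article named in the reference URL. `== Responsible and Ethical Disclosure==` is also missing the space before its closing `==`, unlike the other headings in this revision.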
Line 5: | Line 19: | ||
*http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/ | *http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/ | ||
*https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ | *https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/ | ||
+ | |||
+ | == References == | ||
+ | *[1] https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure |
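Review bot: the new References entry is a hand-numbered `*[1]` bullet paired with a plain-text "[1]" in the disclosure paragraph, so the numbering will drift as soon as another citation is added; use a `<ref>` tag at the citation point and `<references />` under this heading instead. The paragraph attributes the 90-day deadline to Google Project Zero, but the only source listed is the Wikipedia article, so a reference to Project Zero's own disclosure policy would back that sentence directly.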
Latest revision as of 06:41, 6 December 2022
Responsible and Ethical Disclosure
Any work that we do under our hardware hacking will follow the principle that, to be a viable target, a device must be physically owned by us and must not be in use. Any vulnerabilities found will then follow the well-established "Coordinated Vulnerability Disclosure" process [1], also used by Google Project Zero, to provide a:
90-day disclosure deadline which starts after notifying vendors of vulnerability, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix
Isolated Skills
- Bus Pirate
- Arm 64 Assembly
- Firmware Analysis
Links
- https://voidstarsec.com/training.html
- https://www.youtube.com/watch?v=hV8W4o-Mu2o&ab_channel=stacksmashing
- https://hackaday.com/2019/08/15/uncovering-the-echo-dots-hidden-usb-port/
- https://hackaday.com/2019/07/29/taking-a-peek-inside-amazons-latest-dot/
- http://andygoetz.org/blog/echo-dot-v2-finding-the-uart/
- https://arstechnica.com/information-technology/2022/03/attackers-can-force-amazon-echos-to-hack-themselves-with-self-issued-commands/