Attify Blog - IoT Security, Pentesting and Exploitation

Fuzzing IoT binaries with AFL++ - Part II

Wed January 26th, 2022

Fuzzing closed source IoT firmware binaries with AFL++ in Qemu mode. Fuzzing networked apps often requires desocketing and patching the binary.

https://blog.attify.com/fuzzing-iot-binaries-with-afl-part-ii/

Fuzzing IoT binaries with AFL++ - Part I

Thu January 13th, 2022

Fuzzing closed source IoT firmware binaries with AFL++ in Qemu mode. Fuzzing networked apps often requires desocketing and patching the binary.

https://blog.attify.com/fuzzing-iot-devices-part-1/

To Boot Or Not To Boot – Practical Attack Vector

Fri December 3rd, 2021

Learn step-by-step how to exploit Bootloaders using Practical attack vectors. Gain root access by loading custom kernel and filesystem using TFTP.

https://blog.attify.com/to-boot-or-not-to-boot-practical-attack-vector/

To Boot Or Not To Boot – Das U-Boot

Fri November 19th, 2021

INTRODUCTION In this post, we will be describing the bootloader that goes by the name of Das U-Boot. We will delve into the following Das U-Boot features, including: - Das U-Boot Origin Story ...

https://blog.attify.com/to-boot-or-not-to-boot-das-u-boot/

To Boot Or Not To Boot

Sun November 7th, 2021

A bootloader is simply the part of the system that is used at start-up to assist in the process of successfully starting the system and loading the operating system kernel. Read more.

https://blog.attify.com/bootloaders-part1/

Analyzing bare metal firmware binaries in Ghidra

Sat October 9th, 2021

Analyzing firmware binaries is often different from analyzing a PE or ELF file which have a definite structure. Reverse engineering firmware binaries often entails going through the datasheet, co...

https://blog.attify.com/analyzing-bare-metal-firmware-binaries-in-ghidra/