Faraday goes to Defcon: “Taking off the blindfold: Detecting persistent threats on Draytek edge devices.”

Faraday Team, published in Faraday

Faraday goes to #DEFCON 🔥

Check out the details of our latest investigation by our research team, led by Octavio Gianatiempo & Gaston Aznarez.

More than 500k Draytek routers are exposed to the Internet globally, and no working tools exist to extract their firmware. Our research team reverse-engineered Draytek’s firmware format, developed tools to extract it, discovered some vulnerabilities, and found that its RTOS can dynamically load code modules. These stored modules remain active even after firmware upgrades, inadvertently facilitating persistent threats. Using these tools, they crafted a malicious module to add a backdoored SSH and installed it by exploiting the newly found vulnerabilities to achieve persistence. Then, they developed a defensive module to detect this kind of attack.
Come to their talk at #DEFCON32 to find out more!

See you on Sunday, the 11th, at 10:00 AM in LVCC — L1 — HW2–07–04 (Creator Stage 1).

More information: https://defcon.org/html/defcon-32/dc-32-creator-talks.html#54642

Trainings, red teaming services, or continuous scanning? We’ve got you covered. Reach out for more information. 💥
