The Windows SMB remote code execution vulnerability patched by MS17-010 has resulted in widespread attacks against Windows 7 devices. While much of the focus has been on patching desktops and servers, many organizations to continue to neglect devices running the Windows Embedded 7 OS because a public exploit hasn’t existed - until now. Check out how we patched the NSA’s Fuzzbunch tool to demonstrate the importance of patching all devices in a timely manner.

Continued from Security Camera Hacking … Overview and Goals The goal of this phase of my analysis is to learn more about the camera and any vulnerabilities it might have. I will use a traditional dynamic analysis approach, including: Recon\Intelligence Gathering Threat Modeling Vulnerability Analysis & Exploitation For reference, my standard setup can be found here. Phase 1 - Recon and Intelligence Gathering Before I start doing any recon though, I establish a screen session on my attack box in case I get disconnected.

This post was inspired by some work we did almost two years ago, but never got around to fully documenting or reporting the issues to the vendor since this was just independent research. We wanted to have all of the attacks fully baked before reporting the issues, but then moved on to other projects. So I’ve decided to go back and redo all of the work on this to properly document everything.