< NULLCON 2025 - BERLIN />

About the Speaker

Emanuele Barbeno
IT Security Analyst, Compass Security

< Talk Title />

DHCPwned: Owning Cameras One Lease at a Time

< Talk Category />

Technical Speakers

< Talk Abstract />

We participated in the Pwn2Own 2024 event, focusing on the Surveillance Systems category. In this talk, we will take you on a deep dive into how we successfully exploited a vulnerability in the Ubiquiti AI Bullet IP camera.

We'll show how we performed the analysis to identify attack surfaces and explain the vulnerabilities we discovered during our investigation. We'll then talk about the exploitation to obtain an unauthenticated RCE, highlighting the unique challenges presented by the Pwn2Own competition, such as time constraints and exploit reliability.

Finally, we will describe the development process we used to write the proof-of-concept exploits. We'll talk about various challenges we encountered and design choices we made to ensure the creation of robust and reliable exploits.

< Speaker Bio />

Emanuele has 10 years of experience working in the area of IT security and has been an IT Security Analyst at Compass Security since 2019. As part of Compass Security's offensive security team, Emanuele conducts security analysis of web applications, external and internal networks, cloud infrastructures, as well as Android applications. Emanuele has responsibly disclosed vulnerabilities in different open source libraries and products, including products from Microsoft, Alibaba and others. He is also responsible for giving various security-related trainings at Compass Security, such as web application security and internal network with a focus on Active Directory security.