This morning I summed up everything that happened with Synology and everything I have continued working on since my previous article was written in a deck of slides at the weekly SFS meeting.
Here is an overview of the items not covered in the previous article:
- The director of software development at Synology contacted me one business day after my ISIS Blogs post. They have already released a firmware update to fix the most critical issues and came up with an “enhancement” plan (security fixes are not enhancements, but I digress) to fix the rest!
- I’ve started developing ARM/Linux2.6 shellcode so I can integrate a Synology exploit into Metasploit. First try: virtualize the firmware inside of qemu. Failed. Second try: install gcc directly on device. So far so good.
- I wrote an FTP request module for Sulley to fuzz the FTP server Synology is using. I haven’t been able to use it yet because I hit the built-in connection limit on the FTP server and it starts ignoring me. That is a project for another day.
See the entire deck of slides here: http://cryptocity.net/archive/synology_presentation.pdf
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 United States License.











