Cristofaro Mune

Cristofaro Mune

Talk Title:

PwdLess: Exploitation Tales from RouterLand


The talk leads the audience on a journey in an attacker mindset, techniques, and choices while targeting a real consumer IoT device. A wide range of techniques are used: Fuzzing, Reverse engineering, Code injection, Exploit development in constrained environments.

Full remote control of the target is achieved in multiple ways, allowing to discuss common patterns in IoT device security. Previously undisclosed vulnerabilities are discussed and demonstrated on stage. The research has been performed under specific constraints, hinting that, under some conditions, remote execution can be achieved even in very short timeframes.

Finally, the research allows touching upon the security challenges posed by supply chains, device obsolescence, and security support.


Cristofaro has 15+ years of experience in SW & HW security assessment of highly secure products. He has given talks at renown security conferences, like BlackHat, BlueHat, HITB,, on Fault Injection, TEEs, White-Box cryptography, IoT exploitation and mobile security.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved