Presentation Title:Presentation DetailsThis is the updated version of my presentation given at HITBSecConf Dubai and CONFidence Krakow during this year. Vulnerability details for several 0days will be released during this presentation for the first time. Needless to say, demos will also be shown as the author of the presentation doesn’t believe in research presentations without live attacks!The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device with a focus on vulnerabilities that can be exploited *remotely*.Personal discoveries will be covered, including vulnerabilities found in home/SOHO devices and also corporate appliances. Some interesting vulnerabilities found on embedded devices by other peers such as Kevin Devine will also be explained.The types of vulnerabilities discussed include, but are not limited to:UPnP and HTTP CSRFVoIP call jackingSNMP injectionPhishing via Dynamic DNS poisoningPrediction of default WEP/WPA encryption keysUniversal XSS against users “protected” by firewallsPassword leaks over SNMPInsecure default SNMP settingsAuthentication bypassPrivilege escalatonPersistent HTML injection on admin consolesNot only will *real attacks* be explored, but also the *consequences* of cracking into embedded devices. How nasty can it get after an embedded device has been exploited? How far does the rabbit hole go?About AdrianAdrian “pagvac” Pastor, BSc (Hons) Computer-aided Engineering, has contributed to the IT security community for several years, although he has been involved with the hacker/security scene as a hobbyist since an early age. He has authored several papers, numerous vulnerability advisories and has spoken at events such as HITBSecConf Dubai, CONFidence Krakow, OWASP London chapter and Defcon DC4420. Adrian is perhaps best known for finding critical vulnerabilities on the BT Home Hub, the most popular Wi-Fi home/SOHO router in the UK.Adrian’s work has been featured in established media outlets such as BBC Radio 1, The Washington Post, Wired, Slashdot, PC Pro, The Register, PC World, CNET and many others. He currently works as a Senior White-hat Hacker specialized in vulnerability research, penetration testing, cutting edge security training, and finding simple solutions to complex problems.