Kamil Vavra | @vavkamil

Offensive Web Application Security | Ethical Hacking | Security Research


An introduction to the router exploit kits

OWASP Czech Chapter Meeting

11 December 2019 | Brno, Czechia - Official schedule
Slides: https://vavkamil.cz/assets/slides/2019-12-11-router-exploit-kits.pdf
Recording: https://vimeo.com/383300304

Most security-oriented people already know about the risks of WEP/WPA/WPA2 attacks and how to crack (in)secure Wi-Fi passwords, so we won't talk about that. Instead, this talk will focus on JavaScript client-side attacks. XSS is overrated and CSRF is dead (SameSite cookie), but malicious actors are infecting hundreds of thousands of SOHO routers and turning them into powerful botnets almost daily. How hard is it to get a foothold in the internal network with just a few lines of JavaScript, and why is nobody talking about it?






Bio

Kamil Vavra has been interested in the ethical hacking scene since his early childhood and has therefore been in the IT security field for more than 10 years. Over time, his specialization evolved toward offensive website security. He is currently working as an Application Security Engineer at Kiwi.com, where he can fully apply his broad experience. Kamil is a bug bounty veteran who has reported many security vulnerabilities to top companies around the world, as well as a moderator of the reddit.com/r/bugbounty community with more than 5,500 active members. Kamil likes to share knowledge, gives talks and lectures at non-commercial conferences, creates open-source tools for penetration testers (github.com/vavkamil) and publishes interesting articles on his blog, vavkamil.cz.