Hacking Dahua (DHA) security cameras: breaking firmware encryption & exploiting two RCE bugs. 🎥🪛📤🪲👨🏻‍💻

Security researcher Alexandru Lazar presents his research journey: how he extracted and decrypted firmware, and then analyzed and exploited vulnerabilities in Dahua (DHA) security cameras - the second-largest manufacturer of video surveillance equipment in the world.

Here you have a rare opportunity to see the journey a researcher goes through end to end - from motivation to disclosure timeline. And with many interesting insights on how to deal with custom encryption, find, and exploit vulnerabilities.

Interesting and impactful research with a happy ending - the vulnerabilities were reported to the vendor and fixed fast. Enjoy the slides or presentation (or both!).

More details:

Never enough about cameras: Firmware keys hidden under the rug

Slides [PDF]: https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20villages%20and%20creators/DEF%20CON%2033%20-%20Never%20Enough%20About%20Cameras.pdf

Presentation [Youtube]: https://lnkd.in/dJ2ivYsQ