![DEF CON 23 [Audio] Speeches from the Hacker Convention artwork](https://is5-ssl.mzstatic.com/image/thumb/Podcasts123/v4/c3/f8/7e/c3f87e44-fc95-645c-620b-3c8e5117429e/mza_5097239825481086059.jpg/100x100bb.jpg)
Ricky "HeadlessZeke" Lawshae - Let's Talk About SOAP, Baby. Let's Talk About UPNP
DEF CON 23 [Audio] Speeches from the Hacker Convention
English - October 21, 2015 22:27 - 40.4 MB - ★★★ - 4 ratingsTechnology Education How To def con defcon hacking hacker conference computer security security research defcon 23 def con 23 dc-23 dc23 Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Lets-Talk-About-SOAP.pdf
Extras here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Extras.rar
Let's Talk About SOAP, Baby. Let's Talk About UPNP
Ricky "HeadlessZeke" Lawshae Security Researcher, HP TippingPoint
Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability you can think of, and an all-around lack of good security practice about sums it up. In this talk, I will discuss this growing attack surface, demonstrate different methods for attacking/fuzzing it, and provide plenty of examples of the many dangers of insecure SOAP/ UPnP interfaces on embedded and "smart" devices along the way.
Ricky "HeadlessZeke" Lawshae is a Security Researcher for DVLabs at HP TippingPoint with a medium-sized number of years' experience in professionally voiding warranties. He has spoken at the DEF CON, Recon, Insomni'hack, and Ruxcon security conferences, and is an active participant in the extensive Austin, TX hacker community. In his meager spare time, he enjoys picking locks, reading comic books, and drinking expensive beers.
Twitter: @HeadlessZeke