ian dupont
comedian.bsky.social
Vulnerability Researcher @ Margin Research | Adjunct Professor @ NYU
Building on the previous research, my colleague Harrison and I gave a talk at REcon 2022 on a post-auth 0day found in MikroTik routers.

We distilled that presentation into the following blog post, including a discussion of MikroTik internals, the bug, and the exploit!

margin.re/2022/06/pull...
Pulling MikroTik into the Limelight
A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak
margin.re
November 16, 2024 at 6:11 PM
Starting with this post, which was a niche hit in the vulnerability research x cryptography community. Didn't expect to spend so much time reversing proprietary crypto algos and would like to think I'm better for it, but probably not lol. @ert.plus

Check it out here: margin.re/2022/02/mikr...
MikroTik Authentication Revealed
A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication
margin.re
November 13, 2024 at 6:09 PM
Been here for a while but haven't been active—hoping to change that going forward!

Will post a bunch of my research links from the other site here, for posterity
November 12, 2024 at 5:27 PM