Entries by Scott Tenaglia

SQLite as a Shell Script

During the course of our research into the security of Belkin’s WeMo home automation devices we developed a new technique to leverage a SQL injection vulnerability in a SQLite database for arbitrary command execution. This post documents how we were able to create a SQLite database that can be executed as an ash shell script […]

Killing Mirai: Active defense against an IoT botnet (Part 1)

In recent weeks the world has witnessed the concept of an IoT botnet turn from theory to reality, with devastating consequences. While the ISPs, DDoS mitigation services, and others scramble to figure out how to augment traditional defenses to handle this new threat, we decided to investigate a less conventional approach. Attackers often rely on […]