A detailed walkthrough of a Pwn2Own IoT competition entry targeting a SOHO attack chain: compromising a QNAP router from the WAN side and pivoting to a TrueNAS Mini X on the LAN. The talk covers the full research process including target selection, firmware decryption, attack surface enumeration (outgoing connections, listening

47m watch time

Sort: