![](\"https:\/\/video-images.vice.com\/articles\/5a0b2035128957795c7b0a48\/lede\/1510680736459-DSC02274.jpeg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Jason Koebler| Date: Tue, 14 Nov 2017 17:32:28 +0000<\/strong><\/p>\n Today we\u2019re going to learn how security researchers work. Jacob Holcomb is a principal researcher at Baltimore\u2019s Independent Security Evaluators<\/span><\/a><\/span> (ISE), where he\u2019s worked on SOHOpelessly Broken<\/span><\/a>, which discovered over 50 new 0-day vulnerabilities in network routers and served as the foundation for the first-ever router hacking contest at DEFCON in IoT Village<\/span><\/a>. <\/span><\/span><\/p>\n He\u2019s a penetration tester who has presented at BlackHat USA, BlackHat Europe, DEFCON, DerbyCon, BSidesDC, and many others. During this livestream, Holcomb will show us a now-patched vulnerability in the ASUS RT-N56U router. He\u2019s going to exploit a stack-based buffer overflow to get full remote access. An attacker with a root shell on a router could man-in-the-middle internet traffic to steal credentials or monitor that traffic to setup more attacks on other targets in that router’s network. <\/span><\/p>\n Holcomb and our security reporter Lorenzo Franceschi-Bicchierai will walk you through step-by-step to explain how these exploits were used to find a vulnerability in the router. We will show how to reverse engineer the router’s web server and the development of the exploit to gain full remote access on the router. To be clear, this exploit was responsibly disclosed to ASUS and has been patched. The vulnerability no longer exists. If you own the router, you should make sure you\u2019re using the latest firmware. <\/span><\/span><\/p>\n