
ian dupont

@comedian.bsky.social

Vulnerability Researcher @ Margin Research | Adjunct Professor @ NYU

794 Followers  |  61 Following  |  3 Posts  |  Joined: 28.04.2023

Posts by ian dupont (@comedian.bsky.social)

Pulling MikroTik into the Limelight
A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

Building on the previous research, my colleague Harrison and I gave a talk at REcon 2022 on a post-auth 0day found in MikroTik routers.

We distilled that presentation into the following blog post, including a discussion of MikroTik internals, the bug, and the exploit!

margin.re/2022/06/pull...

16.11.2024 18:11

MikroTik Authentication Revealed
A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication

Starting with this post, which was a niche hit in the vulnerability research x cryptography community. Didn't expect to spend so much time reversing proprietary crypto algos and would like to think I'm better for it, but probably not lol. @ert.plus

Check it out here: margin.re/2022/02/mikr...

13.11.2024 18:09

Been here for a while but haven't been active—hoping to change that going forward!

Will post a bunch of my research links from the other site here, for posterity

12.11.2024 17:27