Once you realize it’s real you need to have it.
| Verified | https://p0x.io |
poxonus 
- 136 Followers
- 268 Following
- 454 Posts
See my pinned intro post.
People don't think it be like it is but it do.
AndresFreundTecI was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.
Really required a lot of coincidences.
Tinker ☀️So, I've been diving into hacking security cameras even more.
When I have more brain power, I'll post up my full thoughts and write up a how-to guide on everything I know up to this point.
But just a quick tidbit: Even if the web server of the camera is password protected, that does not necessarily mean that the RTSP stream is password protected (and vice versa).
I just ran across a VERY FUCKING SENSITIVE security camera where the web server was password protected... which meant I couldn't alter the configuration. Dang.
And, they password protect all of their web conferences! So I can't join the web conference that this camera system feeds into...
...but the RTSP stream was not password protected.
So! I have full. High Def. Visual AND audio of this particular feed. All the time. Whether any teleconference is going on or not.
This camera and microphone ARE ALWAYS ON!!!!
And a lot of very sensitive discussions have been happening in this room.
I should go to sleep. But this realty television show is the best.
#hacking #infosec #securityCameras
So that's neat.