Hacking to defend: How we hacked into a Polar Orbit Satellite and managed to get a full system compromise
02-11, 14:30–15:00 (UTC), Track 1- Dragon Suite

Initial discovery was from a Discord message; Some people were talking about having access to a Polar Orbit Satellite due to it not having any authentication. We knew this was a risk in the wrong hands. We decided to research the Web Application shortly after, we were able to get a shell and escalate our privileges. While on the system we managed to identify privilege escalation vectors while also performing source code analysis where we found further command injection vulnerabilities. To ensure other hackers do not kill our shell and patch the bug to perform malicious activities, we created a backup shell for president access!

While researching a Polar Orbit Satellite we managed to identify a critical vulnerability allowing full system compromise, we managed to completely own the box within a time span of a few hours. The vulnerabilities were reported and patched.

I am James, I am 16. I work in Cyber Security as a Junior Security Analyst and an Offensive Web Application Trainer for HackTheBox. I have a background in Offensive Hacking/Penetration Testing. I started at a young age and went down the wrong path where I was investigated and arrested by the National Crime Agency/Federal Bureau of Investigation. I am eJPT Certified and thanked by various companies for reporting vulnerabilities.

My name is Josh, I am 23. I currently work as a Threat Operations Analyst for @HuntressLabs where I am able to defend against a variety of attacks and put Defensive/Forensics techniques into practice.
Lover of all things including IoT, Offensive Sec, Threat intelligence and more.