Start / Nexus: A Claroty Podcast / Noam moshe on hacking video surveillance

Noam Moshe on Hacking Video Surveillance

28 min • 7 augusti 2025

Noam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications.

Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually gain pre-authentication remote-code execution.

Moshe explains Team82's research process, the risks to users, and the successful disclosure process with Axis Communication that resulted in prompt patches available for the servers and camera platforms.

Noam Moshe on Hacking Video Surveillance

Senaste avsnitt

Noam Moshe on Hacking Video Surveillance

Dan Berte on Solar Grid and IoT Vulnerabilities

Vivek Ponnada on the Ongoing Maturity of OT Security

Austin Allen on the Cybersecurity Realities Facing Healthcare

Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Steven Sim on OT-ISAC and the State of Information Sharing

Sarah Fluchs on the Cyber Resilience Act

Andrew Ohrt on Cyber-Informed Engineering

Megan Stifel on the Impact of the Ransomware Task Force

Joe Slowik on Identifying Truly 'Critical' Infrastructure

Danielle Jablanski on Critical Infrastructure Protection

Cassie Crossley on Hardware Security, HBOMs

Christiaan Beek on Ransomware's Evolution and Economics

Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Ron Fabela on Low-Skilled OT and ICS Threat Actors

Munish Walther-Puri on Creating a Scale for Cybersecurity Incidents

Brian Foster on the Risks of a Hyperconnected Grid

CISA's Matthew Rogers on Secure by Demand for OT

Noam Moshe on the IOCONTROL Malware

Team82 on Attacking the Insecure IoT Cloud

Volexity's Steven Adair on the Nearest Neighbor Attack

Joe Saunders on Advanced Cyberattacks Against Critical Infrastructure

Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Alethe Denis on Social Engineering, Red-Teaming

Alon Dankner on Extracting Crypto Keys from PLCs

Noam Moshe on Extracting Forensic Data from Unitronics PLCs

Alexander Antukh on Cyber Risk Quantification

Vincente Diaz on Using AI for Malware Analysis

Ahmik Hindman on Patching OT and ICS

Dr. Bilyana Lilly on Information Warfare

Vinnie Liu on Offensive Security Testing During Incidents

Diana Kelley on Protecting the AI Lifecycle

Jennifer Minella on OT Cybersecurity Convergence

Charles Blauner on the Changing Role of the CISO

Mikko Hypponen on a Decade of Corporate Ransomware Attacks

Adm. Michael Rogers on Geopolitics and Cybersecurity

Abel Archundia on Complexity in Critical Infrastructure

Adam Gluck on Industrial DevOps

Greg Garcia on the Change Healthcare Cyberattack

Ryan Pickren on New Web-Based PLC Malware Research

Mike Rogers on Understanding a CISO's Personal Exposure in Cyber Incidents

Team82 Answers More of your OT Cybersecurity Questions

Juan Piacquadio on Securing Pharma 4.0

David Elfering on CISOs and Cyber Liability Insurance

Team82 Answers Your Vulnerability Research Questions

Mandiant on Sandworm APT Attacks in Ukraine

Don Weber on Security Culture in Control Environments, STAR Methodology

MITRE on Caldera for OT

Jim LaBonty on the OT Security Stack

Stephen Reynolds on Protecting the CISO During Incident Investigations

Team82 on NAS Research, OPC UA Exploit Framework

Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk

Jennifer Lyn Walker on Cybersecurity Risks in the Water Sector

Kathleen Moriarty on CIS' IoT Security Guidance

Walter Risi on the CISO's Journey from IT to OT

Noam Moshe on Teltonika 4G IIoT Router Cybersecurity Research

Charles Carmakal on Cybersecurity Threats to Healthcare

Lorrie Cranor on IoT Security and Privacy Labels

Skip Sorrels on the 405(d) HICP, Healthcare Cybersecurity

Dave Elfering on Cyber Liability Insurance

Vera Mens on Akuvox E11 Vulnerabilities

Adm. Mike Rogers on the National Cybersecurity Strategy

Katherine Gronberg on the Federal Government and OT/IoT Cybersecurity

Noam Moshe on a Generic WAF Bypass Technique

Sharon Brizinov on Hacking IoT

Joe Slowik on TRITON Malware, XENOTIME Hacking Group

Inside Team82's EvilPLC Attack

Sarah Fluchs Revisits the Top 20 Secure PLC Coding Practices List

Vergle Gipson on Cyber-Informed Engineering

Noam Moshe on the Evil PLC Attack

Dan Gunter on Threat Hunting in Industrial Control Systems

Dan Ricci on the ICS Advisory Project

Vera Mens on Hacking Flow Computers

Don C. Weber on ICS Cybersecurity Training, Education

Idaho National Lab on the INL Control Environment Laboratory Resource (CELR)

Thomas Schmidt and Martin Scheu on the Common Security Advisory Framework