1. MEET THE SPEAKER
2. TRACK1
3. About me
4. Agenda
5. What is NAS?
6. Why Synology NAS?
7. Synology NAS News
8. Previous Research
9. Installation - "Black" Synology Mainly focus on DSM61
10. Preparation
11. Local Adversary's Perspective
12. Services: findhostd
13. Services: iscsi_snapshot_comm_core #3 signe
14. out-of-bounds read
15. improper access control
16. Remote Adversary's Perspective
17. Device Fingerprinting
18. Http Request Process Flow
19. Remote Attack Surface
20. DS file App
21. Synology Calendar
22. Media Server
23. Audio Station
24. What We Have Learnt
Description:
Explore the intricacies of Synology NAS security in this 50-minute conference talk from Hack In The Box Security Conference. Dive into the world of Network Attached Storage (NAS) with a focus on Synology, the leader in small-business and home NAS solutions. Learn how to prepare the environment for security research, identify device models and versions through fingerprinting, and understand local services used for device management. Discover a Wireshark plugin for dissecting the syno_finder protocol, and gain insights into the login flow and internal process flow for remote access. Examine vulnerabilities from both local and remote attack perspectives that could potentially compromise the device. Benefit from the speaker's expertise as a security engineer from Qihoo 360 Nirvan Team, specializing in embedded device security. Cover topics including installation, preparation, local and remote adversary perspectives, device fingerprinting, HTTP request process flow, remote attack surfaces, and various Synology applications such as DS file, Synology Calendar, Media Server, and Audio Station.

A Journey Into Synology NAS

Hack In The Box Security Conference