Abusing UPnP to create the perfect cloaking framework

Given the rise of exposed IoT routers, UPnP is quite an interesting attack vector to enter the network of a target.

The protocol can further be abused to «hop» through a victim in order to mask your true IP address.

Symantec has found evidence of attacks from the «Inception Framework» hiding behind an increasingly complex network of proxies and cloud services since 2014. We will dig in and see the potential ways to abuse UPnP to create an alternative anonymity framework.


x0rz is a French hacker and former blue teamer, now working as a pentest/red team consultant in Paris for international customers. He is also a member of the RTFM (rtfm.re) association and a known security evangelist throughout the community.
