In this talk, presenters will explain the pairing process of WD and Synology NAS. They will elaborate on the overall architecture of their cloud offering and focus on the vulnerabilities they found including ways to enumerate and impersonate all edge devices using certificate transparency log (CTL), and steal cloud proxy auth tokens. This enabled them to download every file saved on the NAS devices, alter or encrypt them, and bypass NAT/Firewall protection to achieve full remote code execution on all cloud-connected NAS (and to gain $$$ from Pwn2Own). | 
