The Never-Implemented Story of Penetration Tests on Video Surveillance Networks

Offensive research on video surveillance systems is really not a new topic. Their components, especially cameras, are everywhere. It is very common to see at least one of them on the network during penetration tests on IT or OT. They have all been torn apart in many ways, from hardware to network services and configurations. Almost everyone has heard about the scenario of camera sequence looping to hide intrusions from security personnel. But how many tools and techniques do you know to address video surveillance systems during IT/OT pentests? How many of them are truly plug-and-play or at least practical? Do you know any ready-to-use scripts to perform the looping trick? Of course tools and scripts exist, but I was confident I would find many, and even comprehensive, practical toolkits. When I didn't, I also discovered that there are good technical reasons behind that. One of them relies on the constraints of assessments conditions, which is our starting point here. Many interesting attacks require a setup that is hardly achievable outside of test benches. Therefore, we will discuss a few techniques and tools that can be used during pentests, with a focus on those that rely on the very common ONVIF standard. In this context, we consider that the only way to reach the video surveillance components is through the network. One of these techniques is, of course, the video looping trick, but this approach has specific requirements that are bypassed in most demos and tutorials I’ve seen (including one I’ve done myself :)). Now, let’s face the challenge and make the attack work in real-world conditions - always with safety in mind.

Presented at Security Fest 2026.

Speaker: Claire Vacherot

About Claire Vacherot

Claire Vacherot

Claire Vacherot is a pentester and researcher at Orange Cyberdefense in France. She likes to test systems and devices that interact with the real world, and to play with industrial network protocols. Sometimes, she also speaks about all of this at conferences such as GreHack, Defcon, Hack.lu or SSTIC. As a former software developer, she never misses a chance to write scripts and tools.

 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.
Get newsletter →