Finessing firmware security testing

Presented at ShellCon 2020 Virtual, Oct. 10, 2020, 11 a.m. (55 minutes)

Whether network connected or standalone, firmware is the center of controlling any embedded device. As such, it is crucial to understand how firmware can be manipulated to perform unauthorized functions and potentially cripple the supporting ecosystem's security. This presentation will provide an overview of how to get started with performing security testing and reverse engineering of firmware leveraging the OWASP Firmware Security Testing Methodology (FSTM) as guidance when embarking on an upcoming assessment.

Presenters:

• Aaron Guzman
  Aaron Guzman is co-author of the "IoT Penetration Testing Cookbook" and is a Technical Leader within Cisco Meraki's security team. He leads open-source initiatives that provide awareness around IoT security defensive strategies as well as lowering the barrier of entry into IoT hacking under OWASP's IoT and Embedded Application Security projects. Aaron is co-chair for Cloud Security Alliance's IoT Working Group and a technical reviewer for several IoT Security books. He has extensive public speaking experience delivering conference presentations, trainings and workshops globally. Follow Aaron's research on Twitter @scriptingxss.

Links:

• https://2020.shellcon.io/talks/2020/firmware-security-testing/
• https://downloads.shellcon.io/slides/2020/firmware-security-testing-shellcon2020.pdf

Similar Presentations:

• REcon 2022 / Detect Me If You Can - Anti-Firmware Forensics
• Black Hat USA 2015 / Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
• 30C3 (2013) / An introduction to Firmware Analysis: Techniques - Tools - Tricks