Presented at
THOTCON 0x6 (2015),
May 14, 2015, 5 p.m.
(50 minutes).
Bad code is everywhere and the tools to dig it up are maturing at an astonishing rate. The day of reckoning has come device manufacturers who have neglected the adoption of secure development practices. Join us as we dive into firmware updates for many different devices and uncover undocumented 'recovery features' (backdoors), hardcoded accounts, direct url access/permissions issues and buffer overflows.
Presenters:
-
Jeremy Richards
Jeremy is a vulnerability researcher for SAINT Corporation - performing research and uncovering weaknesses in a variety of technologies, and developing security software professionally for nearly a decade. These days he spends his time writing remote unauthenticated vulnerability checks by reverse engineering changes introduced by security patches and identifying the root cause. Jeremy has recently started developing a framework to extract data from firmware images and perform automated analysis. His research in this area has uncovered a compelling number of undocumented risks that impact a large number of devices and user environments.
Similar Presentations: