Tuesday, September 27, 2016

Nebraska Cyber Security 2016 Conference

Where’s phase 3 for the stack buffer overflow!? It will come! Sorry, it’s been busy the last couple of weeks. There were the CSAW qualifications that I participated in with a work team, DerbyCon, and Flare-On just started! Lots of activity in the community right now. The writeups for the DVRF series will continue soon! I will also convert my notes into writeups for the CSAW qualification challenges I solved, along with the other challenges I was able to work on after the qualification finished up.


I have also been working on my presentation, which is this Thursday at the Nebraska Cyber Security Conference in Lincoln, NE. You can find more information at their site, along with a brochure of the scheduled talks. According to page 3 of the brochure, I am scheduled to speak at 1:45 p.m., and page 5 has the abstract of the talk, reproduced below:


“This talk is an introduction for people looking to assess software within the firmware of a hardware device. Specifically, the talk will discuss the open source project, Damn Vulnerable Router Firmware, provide a brief overview of the MIPS CPU architecture and assembly language, give a brief rundown of MIPS disassembly with tools, as well as demonstrate how to pwn some of the intentionally broken binaries within the DVRF firmware. The firmware for this project can either run on an actual hardware device or be emulated in software. The talk would show how this can all be done in software to provide an easy way into the world of penetration testing of firmware on hardware devices.


As firmware on hardware continues to be more readily available (either from the vendor or by dumping it through hardware access), organizations and individuals need to assess the software within the firmware. Not a lot of attention has been focused on hardware and firmware vulnerabilities as we see with mobile and Web applications. This talk helps to provide more awareness of the vulnerabilities within firmware software and how people can get into this area of infosec.”

It should be a fun time with a lot of great talks there at the conference! If you’re there, come and say hi!
