Overview

Explore a critical cybersecurity presentation from DEF CON 31 that exposes how private keys, legitimate CA-blessed certificates, and encryption keys are hidden within firmware and software binaries. Learn techniques for discovering concealed secrets through three real-world examples from major manufacturers. Examine Netgear firmware to find private keys in PEM-encoded text files, investigate Fortinet firmware's custom obfuscated archive files containing Apple and Google issued certificates, and uncover a severe vulnerability in Dell software involving a static AES encryption key that can compromise any customer's vCenter environment. Gain insights into proper key management practices, the significance of developer training, and the importance of eliminating these systemic security risks in software development.

Syllabus
DEF CON 31 - Private Keys in Public Places - Tom Pohl
Taught by
DEFCONConference