Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Squashing Low-hanging Fruit in Embedded Software

Hack In The Box Security Conference via YouTube

Overview

Explore critical vulnerabilities in the NicheStack TCP/IP stack and learn advanced techniques for vulnerability detection and mitigation in embedded systems. Dive into a comprehensive analysis of security flaws affecting various layers of the stack, including buffer overflows, integer overflows, infinite loops, and entropy issues. Discover how researchers utilized a combination of manual analysis, fuzzing, binary-only data-flow analysis, and symbolic execution to uncover these vulnerabilities. Gain insights into automated 0-day identification methods and their potential impact on large-scale vulnerability research. Examine the vulnerability discovery process, including expected findings based on previous research and common TCP/IP anti-patterns. Learn about data-flow analysis using Ghidra's P-Code intermediate representation, function identification techniques, and function divination. Explore strategies for mitigating vulnerabilities in networked devices, including automated firmware analysis and function-based diffing. Discuss the challenges of identifying vulnerable devices on networks and detecting exploit attempts. Consider the implications of this research on supply chain vulnerabilities and Software Bill of Materials (SBOM) initiatives. Gain valuable knowledge to enhance your ability to secure embedded devices at scale and contribute to the ongoing efforts in improving cybersecurity in critical infrastructure and operational technology.

Syllabus

#HITB2021SIN D2T1 - Squashing Low-hanging Fruit In Embedded Software - D. Dos Santos & S. Menashe

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Squashing Low-hanging Fruit in Embedded Software

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.