Note: Regarding COVID-19 safety, Hardwear.io will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Hardwear.io will follow all applicable health regulations required by the local (GGD) and government (RIVM and VWA) authorities.
The BootPwn experience enables the attendees to gain hands-on experience with identifying and exploiting vulnerabilities applicable to Secure Boot as implemented on modern devices. Different technical topics are covered by exciting hands-on exercises which are performed using our unique and versatile training infrastructure. We use gamification as much as possible in order to stimulate attendees. The attendees will walk away with a better understanding of the attack surface of Secure Boot, which is often underestimated.
Secure Boot is fundamental for assuring the authenticity of the Trusted Code Base (TCB) of secure devices. Recent attacks on Secure Boot, implemented by a wide variety of devices such as video game consoles and mobile phones, are a clear indicator that Secure Boot vulnerabilities are widespread.
Are you interested in learning and experiencing what it takes to break Secure Boot leveraging more than just software vulnerabilities?
Then, this is THE experience for you!
The BootPwn experience puts you in the attacker's seat in order to explore the attack surface of Secure Boot while identifying and exploiting interesting vulnerabilities applicable to real-world devices. The experience itself is exercise-driven and gamified using an exciting jeopardy-style Capture-The-Flag (CTF).
Using an emulated device, which is based on publicly available code bases, you will be challenged to identify and exploit interesting vulnerabilities specific to Secure Boot. Even though the emulated device implements the ARMv8 (AArch64) architecture, many exercises are at the same time architecture independent.
Do no worry if your reverse engineering or exploiting skills are rusty or non-existing. You do not need to be an software security expert nor do we aim to make you one. Nevertheless, most exercises can be completed in various ways which are interesting for experiences attendees as well. Moreover, hardware attacks like Fault Injection, which are a very relevant threat for Secure Boot, are discussed and simulated where possible.
Anyone with a technical background should be able to complete the BootPwn experience. Less-experienced attendees will rely on hints and/or solutions available during the hands-on exercises whereas more-experienced attendees will not. Nonetheless, familiarity with the following is helpful:
Niek Timmers is a Co-Founder at Raelize where he provides support for developing, analyzing and testing the security of embedded devices. He has been analyzing and testing the security of devices for over a decade. Usually his interest is sparked by technologies where the hardware is fundamentally present. He shared his research on topics like Secure Boot and Fault Injection at various conferences like Black Hat, Bluehat, HITB, hardwear.io. and NULLCON.
Cristofaro Mune is a Co-Founder at Raelize and has been in the security field for 15+ years. He has 10 years of experience with evaluating SW and HW security of secure products, as well as more than 5 years of experience in testing and assessing the security of TEEs. He has contributed to development of TEE security evaluation methodologies and has been member of TEE security industry groups. His research on Fault Injection, TEEs, Secure Boot, White-Box cryptography, IoT exploitation and Mobile Security has been presented at renowned international conferences and in academic papers.