Talk Title:
Firmware Security Village
Abstract:
The Firmware Security Village is designed to provide both beginners and experienced participants with comprehensive insights into firmware analysis through a hands-on approach using Capture the Flag (CTF) challenges. Participants will use the FACT firmware analysis tool and live devices accessible via a local network.
The workshop emphasizes practical demonstrations over traditional presentations, offering participants a firsthand experience of the firmware analysis workflow. Key technical challenges include
- identifying software components,
- searching for hard-coded credentials,
- and identifying bug fixes.
FACT automates most analysis steps, allowing participants to focus on understanding how to find and reproduce information in different environments. Additional focus areas include methods for finding and aggregating information, creating a firmware database for various research purposes, and quickly rediscovering vulnerabilities using pattern matching. Participants will also have the opportunity to customize their analysis setup and integrate new features into FACT on-site.
This village will be organised for 4hrs
Speaker Bio:
Johannes vom Dorp is a researcher at Fraunhofer FKIE, specializing in firmware security analysis. He has extensive experience in developing and utilizing the Firmware Analysis and Comparison Tool (FACT) framework to automate and enhance firmware analysis processes. His work focuses on identifying vulnerabilities, improving system hardening, and leveraging mass analysis capabilities to streamline firmware security assessments. Johannes is actively involved in organizing and presenting at industry workshops and conferences, where he shares his expertise in firmware security and promotes best practices for safeguarding embedded systems.
Valentin Obst is a researcher at Fraunhofer FKIE. His broad research interests are in the area of operating systems and program analysis, but he is also interested in programming languages and compilers. In particular, his research focuses on static analysis based methods for bug detection in firmware binaries. Furthermore, he maintains the `cwe_checker`, an open-source static binary analysis tool
