Finessing fake firmware security for Friday fun

In light of the uprising spike in IoT botnets impacting critical infrastructures around the world, purchasing products that claim to be “secure” captivate our curiosity and skepticism. With so much fud, snake oil, and self proclaimed secure features, it’s become our due diligence to verify these claims. In other words, device manufactures must walk it like they talk it. Come learn how you can debunk firmware security controls by trying, before buying.

This was presented at Security Fest 2018.

Speakers: Aaron Guzman

About Aaron Guzman

Aaron Guzman

Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in application security, mobile pentesting, web pentesting, IoT hacking and network penetration testing. He has previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell, breaking code and architecting infrastructures. With Aaron’s years of experience, he has given a number of presentations at various conferences ranging from DEFCON and OWASP’s Appsec USA, to developer code camps around the world. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, President of Cloud Security Alliance SoCal (CSA SoCal), previous President of the High Technology Crime Investigation Association of Southern California (HTCIA SoCal) and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. You can follow Aaron’s latest research and updates on twitter at @scriptingxss.

 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.