Finessing fake firmware security for Friday fun
In light of the uprising spike in IoT botnets impacting critical infrastructures around the world, purchasing products that claim to be “secure” captivate our curiosity and skepticism. With so much fud, snake oil, and self proclaimed secure features, it’s become our due diligence to verify these claims. In other words, device manufactures must walk it like they talk it. Come learn how you can debunk firmware security controls by trying, before buying.
Presented at Security Fest 2018.
Speaker: Aaron GuzmanAbout Aaron Guzman
Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in application security, mobile pentesting, web pentesting, IoT hacking and network penetration testing. He has previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell, breaking code and architecting infrastructures. With Aaron’s years of experience, he has given a number of presentations at various conferences ranging from DEFCON and OWASP’s Appsec USA, to developer code camps around the world. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, President of Cloud Security Alliance SoCal (CSA SoCal), previous President of the High Technology Crime Investigation Association of Southern California (HTCIA SoCal) and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. You can follow Aaron’s latest research and updates on twitter at @scriptingxss.
