Firmware Security 101

BSidesLV 2018

Presented by: Arpita Biswas
Date: Wednesday August 08, 2018
Time: 17:30 - 17:55
Location: Proving Ground

More often than not, firmware is seen as an intriguing no man’s land -neither software nor hardware exclusively. However, increasing interest in firmware binaries is challenging their security, which has depended on obscurity for decades. As attackers focus more on them, understanding the fundamentals of firmware become more relevant to be able to defend ourselves better. This talk is derived from my personal experiences of tinkering with firmware without any formal learning in it. It is intended as an introduction for anyone who is interested in firmware security but doesn’t know where to start from.I will talk about:(1) System architecture.(2) Firmware flavors – BIOS and UEFI(3) Attack vectors(4) Defensive approaches.(5) Open source firmware tools.Hopefully, by the end of this talk, the audience will have a big picture of firmware architecture and security measures.

Arpita Biswas


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats