Loading…
Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Friday, September 13 • 4:30pm - 5:15pm
IoT AppSec: Automatic Security Analysis of IoT Firmware

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This talk is the result of a 6 month long person project of mine to automatically, unpack and analyze IoT firmware for common security issues, with a nice web GUI to boot. ByteSweep is a Free Software platform that automates a lot of the common steps I conduct manually when performing IoT pentests. ByteSweep utilizes the python libraries provides by binwalk to programatically extract filesystems from firmware images. In order to extract crypto keys and password hashes hard coded into firmware images, ByteSweep implements a custom strings regex search engine with configurable rules stored in a config file. Radare2's python r2pipe library is used to analyze extracted binaries for any unsafe function calls. (e.g. strcpy, sprintf, system, etc.) Version strings are extracted, using the strings regex search engine, from 3rd party components like open source programs and/or libraries. These version numbers are then compared against software version associated with CVEs by using the NVD JSON Data Feed.

My talk will feature live demos of the ByteSweep platform but I'll pre-record them all in case of failure.

ByteSweep Licensing:
* Web Frontend: AGPLv3
* Backend Worker: GPLv3



Speakers
avatar for Matt Brown

Matt Brown

Iot Pentester
Matt Brown (nmatt) works by day as an infosec professional and by night as a Free Software hacker. His interests in IoT security began at his first defcon (23) where he placed 2nd in the IoT CTF. Today, Matt works as an internal IoT pentester for a major home security company. Matt... Read More →


Friday September 13, 2019 4:30pm - 5:15pm
Lincoln 4