IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653
Analysis of a Chrome Zero Day: CVE-2019-5786
Bonus mention for off-the-cuff reverse engineering of a (suspected) North-Korean 2nd stage implant: Torisma Implant Reversing
Avaya Deskphone: Decade-Old Vulnerability Found in Phone’s Firmware
Microsoft Azure Sphere Bug Bounty ($160k bounty): blog and white-paper
McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump
Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers
-
2018:
- BsidesPDX - Let's learn MIPS and Japanese!!! (recording)
-
2019:
- DEF CON 27 - Introduction to Hardware Hacking (recording)
-
2021:
- Hardwear.io, Ekoparty - Overmedicated: Breaking the security barrier of a B.Braun Infusion pump:
-
2022
-
RSA - Code Blue! Medical Devices Under Attack (link)
-
Summercon, Recon - Reversing an M32C firmware — Lesson learned from playing with an uncommon architecture:
-
Hexacon - Emulate it until you make it! Pwning a DrayTek Route before getting it out of the Box. (video)
-
BlackHat Europe - Fail Harder: Finding Critical 0-Days in Spite of Ourselves (slides)
-