Fabio Pagani
pagabuc.bsky.social
Reposted by Fabio Pagani
Only a week and a half left for USENIX WOOT '25 conference submissions - deadline March 11 AoE. We’re looking forward to seeing even more of your amazing offensive security papers this year! And still a few days for up-and-coming track (March 4). CfP at www.usenix.org/conference/w...
February 28, 2025 at 8:56 PM
Reposted by Fabio Pagani
happy new year 🎉

to continue the tradition, here is some of my favorite firmware & embedded security research of 2024:

Defeating the new Raspberry Pi's RP2350 Security Features [1]

Reversing and Hacking Firmware of an in-orbit Satellite to Re-establish Lost Communication [2]
January 1, 2025 at 12:13 PM
Reposted by Fabio Pagani
In case you missed it from #LABScon24: BINARLY’s @matrosov.bsky.social and @pagabuc.bsky.social reveal their research into a firmware supply-chain security issue that affected major device vendors and hundreds of models, PKfail.

📺 Watch the full video: s1.ai/PKfail
December 13, 2024 at 9:48 PM
Reposted by Fabio Pagani
📺 #LABScon 2024 Replay: @matrosov.bsky.social and @pagabuc.bsky.social reveal their research into a firmware supply-chain security issue that affected major device vendors and hundreds of models, PKfail.

👉 Watch the full video: s1.ai/PKfail
December 4, 2024 at 5:36 PM
Reposted by Fabio Pagani
Code circulating in the wild hijacks the earliest stage boot process of Linux devices by exploiting a year-old UEFI vulnerability known as LogoFAIL when it remains unpatched. The ultimate objective of the exploit is to install a new Linux bootkit named Bootkitty.

arstechnica.com/security/202...
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor
Unearthed sample likely works against Linux devices from Acer, HP, Fujitsu, and Lenovo.
November 29, 2024 at 9:57 PM