The firmware ecosystem is quite broad, ranging from linux-based systems such as OpenBMC, to RTOS-based or even kernel-less, bare-metal firmware stacks such as `caliptra-sw.
In this talk, I want to present to you the academic literature I encountered during my Master Thesis research and introduce you to the taxonomy and state-of-the-art methodologies to automatically analyze firmware blobs across domains. I want to motivate all of us to care more about the security of our firmware build artifacts and inspire you to adapt academic research to real life and find the nasty bugs leading to security vulnerabilities - "Gotta catch 'em all!"
I have been a working student at 9elements since 2023 and am doing my Master's in IT Security at Ruhr-University Bochum, Germany.
I am interested in bringing new, memory-safe(er) languages into the realm of firmware and in how to automatically analyze firmware images for security vulnerabilities.