About the Speaker

The Firmware Security Village is designed to provide both beginners and experienced participants with comprehensive insights into firmware analysis through a hands-on approach using Capture the Flag (CTF) challenges.
Participants will use the FACT firmware analysis tool and live devices accessible via a local network.

The workshop emphasizes practical demonstrations over traditional presentations, offering participants a firsthand experience of the firmware analysis workflow. Key technical challenges include

- identifying software components,
- searching for hard-coded credentials,
- and identifying bug fixes.

FACT automates most analysis steps, allowing participants to focus on understanding how to find and reproduce information in different environments.

Additional focus areas include methods for finding and aggregating information, creating a firmware database for various research purposes, and quickly rediscovering vulnerabilities using pattern matching.
Participants will also have the opportunity to customize their analysis setup and integrate new features into FACT on-site.
 

Valentin Obst is a researcher at Fraunhofer FKIE. His broad research interests are in the area of operating systems and program analysis, but he is also interested in programming languages and compilers.
In particular, his research focuses on static analysis based methods for bug detection in firmware binaries. Furthermore, he maintains the cwe_checker, an open-source static binary analysis tool.