< NULLCON 2025 - BERLIN />

About the Speaker

GO BACK
img
Valentin Obst
Researcher Fraunhofer FKIE
img
Jörg Stucke
Researcher Fraunhofer FKIE

< Talk Title />

Firmware Security Village

< Talk Category />

Village

< Talk Abstract />

The Firmware Security Village is designed to provide both beginners and experienced participants with comprehensive insights into firmware analysis through a hands-on approach using Capture the Flag (CTF) challenges.
Participants will use the FACT firmware analysis tool and live devices accessible via a local network.

The workshop emphasizes practical demonstrations over traditional presentations, offering participants a firsthand experience of the firmware analysis workflow. Key technical challenges include

- identifying software components,
- searching for hard-coded credentials,
- and identifying bug fixes.

FACT automates most analysis steps, allowing participants to focus on understanding how to find and reproduce information in different environments.

Additional focus areas include methods for finding and aggregating information, creating a firmware database for various research purposes, and quickly rediscovering vulnerabilities using pattern matching.
Participants will also have the opportunity to customize their analysis setup and integrate new features into FACT on-site.
 

< Speaker Bio />

Valentin Obst

Valentin Obst is a researcher at Fraunhofer FKIE. His broad research interests are in the area of operating systems and program analysis, but he is also interested in programming languages and compilers.
In particular, his research focuses on static analysis based methods for bug detection in firmware binaries. Furthermore, he maintains the cwe_checker, an open-source static binary analysis tool.

Jörg Stucke

Jörg Stucke is researcher at Fraunhofer FKIE and is part of the Software
and Firmware Security research group. He is currently the maintainer of
the Firmware Analysis and Comparison Tool (FACT) and has been a core
developer since its inception in 2015.