Rise of Attacks on Infrastructure

September 26, 2024 (GMT +8)
14:15
Ballroom 1 & 2
     

In modern day and age, the infrastructure of your network is a massive target for the attacker. After the attack on SolarWinds, attackers realized how massive the potential for such attacks are, and are finding new ways to exploit it. This means new attacks on hardware and software which drives such an infrastructure.

In this talk, we will dive into two remote attacks on infrastructure. One of them is an attack against AMI MegaRAC, which is the firmware used to manage servers all around the world. The second one is an attack against F5 BIG-IP Next, next generation of F5 BIG-IP product line, meant to be more secure and close the issues with their previous software versions. Both attacks are relatively simple to conduct and lead to a massive supply chain impact, and they both present an interesting case study on what attacker's goals may be, as well as raise questions on how to deal with such vulnerabilities overall.

Speaker

Alex Bazhaniuk Alex Bazhaniuk is a distinguished leader and one of the industry's top experts in firmware security, both in research and product development. Throughout his notable career, Alex has spearheaded teams and driven innovative projects at prominent technology firms such as Eclypsium, Intel, and McAfee. His expertise is not only recognized in corporate circles but also in the open-source community, where he has significantly contributed as one of the founding developers of CHIPSEC, a platform security assessment software.

At Eclypsium, as CTO and co-founder, Alex oversees the company's strategic direction in research and development. Under his leadership, the Eclypsium research team has pioneered numerous groundbreaking security discoveries. These include uncovering major firmware vulnerabilities such as the TrickBoot malware module, the BootHole vulnerabilities, and the widely-publicized Screwed Drivers flaws, which collectively have redefined industry standards and practices in hardware security.

Beyond his technical achievements, Alex is a thought leader in the cybersecurity field, frequently speaking at major conferences and contributing insights on advanced security topics and emerging threats. His work not only enhances Eclypsium's product offerings but also contributes to shaping the future of security in an increasingly interconnected world.

« Back