The Agile Embedded Podcast

Offensive Cybersecurity with Ryan Torvik



Key Topics

* [03:00] Ryan's background in offensive cybersecurity and defense contracting

* [04:30] The mindset and challenges of vulnerability research and hacking

* [09:15] How security researchers approach attacking embedded devices

* [13:45] Techniques for extracting and analyzing firmware

* [19:30] Security considerations for embedded developers

* [24:00] The importance of designing security from the beginning

* [28:45] Security challenges for small companies without dedicated security staff

* [33:20] Address Space Layout Randomization (ASLR) and other security measures

* [37:00] Emulation technology for testing embedded systems

* [45:30] Tulip Tree's approach to embedded system emulation and security testing

* [50:15] Resources for learning about cybersecurity and hacking

Notable Quotes

> "When you're on the vulnerability research side, you're trying to find a time when the software does something wrong. When it does something unexpected." — Ryan Torvik

> "Don't roll your own cryptography. Use a standard library for cryptography." — Ryan Torvik

> "We're seeing that the maintenance costs are what are getting people now. You're expected to maintain this device, but now you got to be able to actually update the device." — Ryan Torvik

> "It's so much more expensive to put security in after the fact if it's possible in the first place. Why is that even something that needs to be debated?" — Luca Ingianni

Resources Mentioned

* [Tulip Tree Technology](tuliptreetech.com) - Ryan's company focused on embedded system security and emulation

* IDA Pro - Interactive disassembler for firmware analysis

* Binary Ninja - Interactive disassembler from Vector35

* Ghidra - NSA's open-source software reverse engineering tool

* Microcorruption - Beginner-friendly CTF challenge for learning embedded system hacking

* National Vulnerability Database - Public database of security vulnerabilities

Things to do

* Join the Agile Embedded Podcast Slack channel to connect with the hosts and other listeners

* Check out Tulip Tree Technology's website for their emulation tools and security services

* Try Microcorruption CTF challenges to learn about embedded system security vulnerabilities

* Consider security implications early in your design process rather than as an afterthought

* Use secure programming languages like Rust that help prevent common security issues

You can find Jeff at https://jeffgable.com.
You can find Luca at https://luca.engineer.


The Agile Embedded Podcast by Luca Ingianni, Jeff Gable
