Meet Lior Yaari
Security Researcher and consultant focusing on embedded devices security
Lior started his Security career at the military cyber corps, where he served as an officer for 6 years.
He specialized in automotive ECU hacking, working as a vulnerability researcher for Cymotive Technologies and VW Group.
​
Lior is an international speaker and trainer for embedded security and secure development. His training was selected for international conferences such as: Hack In The Box (Amsterdam, Singapore), DeepSec (Vienna), x33fcon (Gdynia) and DakotaCon (Madison SD).
You Will Learn How To
01
Understand Famous IoT Attacks and
Vulnerability Types
02
Protect from Memory Corruption Vulnerabilities
03
Avoid Mistakes in Cryptographic Security Mechanisms
04
Prepare for
Embedded Devices Attacks
Full Agenda
Day 1
Day 2
20/04 - 9:30 - 17:30 *(CET)
21/04 - 9:30 - 16:30 *(CET)
Introduction to Embedded Security:
-
Famous IoT attacks
-
Vulnerabilities types and classification
​​
Memory Corruption Vulnerabilities:
-
Complied programs memory layout
-
Stack​
-
Heap
-
Globals
-
-
Buffer Overflows + Lab
-
Stack Overflows​
-
Heap Overflows
-
-
Protection Mechanisms + Lab​
-
DEP
-
ASLR
-
Stack Canary
-
​​​
Advanced Vulnerabilities:​​
-
Format String Attacks + Lab
-
Integer Overflows + Lab
-
Command Injections + Lab
-
Daily Summary
Cryptographic Security Mechanisms and Their Risks:
-
Hashes + Lab
-
Encryption + Lab
-
Signatures
-
Certificates
-
Password Breaking Lab
​​
Embedded Devices Attacks:
-
TOCTOU Attacks + Lab
-
SPI Intrusion + Lab​​
-
Memory Swaps + Lab
-
Glitching
​​
Final Exercise – Hacking a Secure Boot System​
-
Detecting & Fixing Buffer Overflows
-
Identifying Architecture Issues
​
Embedded Security Specialist Certificate
will be given upon completion of lab exercises