Our focus with this course is to give organizations a leg up on threats surrounding embedded systems - Stephen Ridley, Principal & Chief Researcher at Xipiter
Reston, Virginia (PRWEB) October 07, 2014
Xipiter LLC (xipiter.com), an information security firm with a unique expertise in mobile and embedded device vulnerabilities, has announced the launch of a new information security course called, “Software Exploitation Via Hardware Exploitation.” The course aims to train information security professionals working in government and contracting agencies, as well as those in enterprise roles, new techniques to help protect their critical infrastructure hardware.
Students will learn how to reverse engineer and exploit software on embedded systems via hardware. The 4-day class intensely focuses on results oriented vulnerability discovery (not just hardware hacking and tinkering for fun).
A growing number of attacks now involve exploiting vulnerabilities in embedded hardware devices. Hardware exploitation has played a key role in some of the largest security breaches in recent history. Embedded device hacking is a serious threat and significant point of vulnerability facing many organizations.
To better frame the risk for critical assets, nearly every piece of hardware in an organization or network has embedded chips built-in, and hackers can remotely exploit connected devices that are vulnerable. These chips run software code responsible for helping an organization switch route Internet traffic, give instructions to appliances that store data and control an organization's power systems.
“Embedded chipsets are unregulated, full of vulnerabilities and rarely receive patches. Chip manufacturers traditionally focused on costs and sidelined security,” says Stephen Ridley, Principal & Chief Researcher at Xipiter. "In our course, we teach students how to reverse engineer and exploit vulnerabilities in everyday routers, game consoles and other connected hardware. Our techniques help security teams learn how to catch and fix issues and software developers how to build better software."
Embedded devices and appliances are widely deployed in critical infrastructure. Point-of-sale terminals, medical equipment (CT-Scan, X-ray, ultrasound, MRI devices), thin clients in enterprises, energy and industrial plant controllers, critical infrastructure for process control systems or SCADA devices and data storage appliances all use embedded devices.
"Our focus with this course is to give organizations a leg up on threats surrounding embedded systems,” says Ridley. “Internet security is beyond web penetration and DDos attacks; we often work with clients to show them and remediate vulnerabilities that could provide hackers with direct access into their core networks."
The Software Exploitation Via Hardware Exploitation course uses over 10 years of experience in embedded systems and software hacking. A public version of the course is planned for November 10-13, 2014 in Reston Virginia. To learn more and register visit xipiter.com/training.
About Xipiter, LLC.
Xipiter is an information security team that specializes in software exploitation; embedded systems and software reverse engineering. In addition to this course, Xipiter’s trainings have sold out 3 years in a row at the BlackHat USA security conference and been privately taught at many Fortune 100 companies and government security agencies. Members of Xipiter’s team regularly speak and present research internationally at industry conferences and have co-authored books on exploitation, reverse engineering, and embedded systems.
Principal, Business Development