Offensive Cybersecurity with Ryan Torvik

Listen to this episode from The Agile Embedded Podcast on Spotify. Key Topics* [03:00] Ryan's background in offensive cybersecurity and defense contracting* [04:30] The mindset and challenges of vulnerability research and hacking* [09:15] How security researchers approach attacking embedded devices* [13:45] Techniques for extracting and analyzing firmware* [19:30] Security considerations for embedded developers* [24:00] The importance of designing security from the beginning* [28:45] Security challenges for small companies without dedicated security staff* [33:20] Address Space Layout Randomization (ASLR) and other security measures* [37:00] Emulation technology for testing embedded systems* [45:30] Tulip Tree's approach to embedded system emulation and security testing* [50:15] Resources for learning about cybersecurity and hackingNotable Quotes> "When you're on the vulnerability research side, you're trying to find a time when the software does something wrong. When it does something unexpected." — Ryan Torvik> "Don't roll your own cryptography. Use a standard library for cryptography." — Ryan Torvik> "We're seeing that the maintenance costs are what are getting people now. You're expected to maintain this device, but now you got to be able to actually update the device." — Ryan Torvik> "It's so much more expensive to put security in after the fact if it's possible in the first place. Why is that even something that needs to be debated?" — Luca IngianniResources Mentioned[Tulip Tree Technology](tuliptreetech.com) - Ryan's company focused on embedded system security and emulation* IDA Pro - Interactive disassembler for firmware analysis* Binary Ninja - Interactive disassembler from Vector35* Ghidra - NSA's open-source software reverse engineering tool* Microcorruption - Beginner-friendly CTF challenge for learning embedded system hacking* National Vulnerability Database - Public database of security vulnerabilitiesThings to do* Join the Agile Embedded Podcast Slack channel to connect with the hosts and other listeners* Check out Tulip Tree Technology's website for their emulation tools and security services* Try Microcorruption CTF challenges to learn about embedded system security vulnerabilities* Consider security implications early in your design process rather than as an afterthought* Use secure programming languages like Rust that help prevent common security issues You can find Jeff at https://jeffgable.com.You can find Luca at https://luca.engineer.Want to join the agile Embedded Slack? Click here