Davide Berardi

Davide Berardi picture

Davide Berardi

Embedded Developer @
Davide is a paranoi.. ^U Davide is a free software, security and embedded developer. After some years of work as a firmware engineer he started his PhD adventure at University of Bologna, his Alma mater. His research fields are penetration testing methodologies and low level exploitation with a focus on virtual network and embedded systems pentesting. Davide take part in the VirtualSquare projects like ViewOS and VDE focusing on security and OpenNext, a framework to work with multi-many core architectures. He loves to administer Linux /* BSD servers and complain about weak passwords.. when he is not de-soldering (and breaking) chips.

Talks

2018 Linux hardening and security measures against Memory corruption
45'
The exploding popularity of Embedded/IoT computing facilitate this security problems using low or non-existent security policies and exploits countermeasures. So why not explore some security measures that are widely available in the Linux world? We will focus on memory corruption techniques. The Linux kernel was always focused on security features and giving bad times to the exploiters. This talk will introduce some common exploits and techniques, showing the mitigations employed by the kernel. By focusing on the major threats that affects modern Linux boxes, we will see which are the main features that can give problems to the system administator and how a preliminary penetration test can be done, ensuring that the system is in a sane state. The talk will also focus on problematics of embedded/IoT Unix systems, showing how some recent attacks gained control over a big network of devices and how a simple embedded system can be analyzed, hunting for bugs. Talk outline: Penetration testing, Linux, netfilter/bpf, memory corruption, ASLR, Spectre/Meltdown.