Below the Surface (Audio) - The Supply Chain Security Podcast

summary In this episode, the hosts discuss the new FCC regulations regarding consumer routers, exploring the implications for cybersecurity, the definitions of what constitutes a router, and the challenges of manufacturing compliant devices. They delve into the debate surrounding the effectiveness of these regulations in mitigating cyber risks, the role of hardware versus software vulnerabilities, and the potential impact on consumers and existing devices in homes. In this conversation, the hosts discuss the implications of the FCC's decision to decertify routers and firmware, the challenges posed by the conditional approval process, and the potential impact on router security and availability. They explore conspiracy theories surrounding the regulations, compare US and EU cybersecurity standards, and address the complexities of hardware backdoors and default credentials. The conversation highlights the need for better security practices and the importance of addressing vulnerabilities in enterprise devices. Chapters 00:00 Introduction to FCC Regulations on Routers 02:35 The Impact of FCC Regulations on Consumer Devices 05:03 Defining What Constitutes a Router 09:51 The Security Implications of Router Regulations 12:41 The Role of Hardware vs. Software in Cybersecurity 17:11 Challenges in Manufacturing and Compliance 21:40 Consumer Impact and Existing Devices 25:59 The Future of Networking Devices and Regulations 29:48 Decertification of Routers and Firmware Challenges 31:58 Conditional Approval Process and Its Implications 34:40 Proposed Solutions for Router Security Standards 36:53 Conspiracy Theories Surrounding Router Regulations 39:26 The Impact of Regulations on Router Availability and Pricing 42:05 Comparing US and EU Cybersecurity Regulations 46:11 The Complexity of Hardware Backdoors and Security 49:11 Addressing Default Credentials and Vulnerabilities 52:02 Conditional Approval Guidance and Its Flaws 54:56 Recent Vulnerabilities in Enterprise Devices

In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the details and behind-the-scenes details! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices in enterprise environments. Chapters 00:00 Introduction to KVM Vulnerabilities 03:00 Research Background and Team Introduction 05:57 Exploring GLINet and Initial Findings 09:03 Firmware Analysis and Security Expectations 11:58 Vulnerability Disclosure and Response 15:07 Enterprise Risks and Deployment Concerns 17:59 Security Best Practices for KVMs 21:06 Vendor Responses and Community Engagement 23:49 Unique Vulnerabilities in SiP and JetKVM 27:01 Conclusion and Future Directions 31:26 Vulnerability Research and Tool Development 34:14 Vendor Communication and Disclosure Challenges 37:51 Firmware Update Issues and Security Concerns 39:12 The Importance of Reviews and Brand Trust 41:42 Security Best Practices for KVMs 45:38 Network Segmentation and Device Security 49:26 Discovering IoT Devices on the Network 52:11 Open Source Solutions and Community Engagement 55:58 The Future of KVM Security and Regulation

In this episode of Below the Surface, Paul Asadoorian, Vlad Babkin, and Adrian Sanabria discuss the ongoing vulnerabilities in network edge devices, the implications of legacy systems like Avanti, and the strategies employed by threat actors. They explore the importance of monitoring and detection in cybersecurity, as well as innovative deception techniques to enhance security measures against exploitation. In this conversation, the speakers delve into various aspects of cybersecurity, including innovative strategies to enhance security, the challenges posed by vendor cooperation, the implications of cyber insurance, and the importance of visibility in threat detection. They discuss the use of canary tokens, the exploitation of edge devices, and the reality of zero-day vulnerabilities. The conversation also touches on the need for firmware updates, the shift towards open-source solutions, and the role of AI in developing cybersecurity tools. Chapters 00:00 Introduction to Below the Surface Podcast 03:27 Network Edge Vulnerabilities and Trends 10:02 Understanding Avanti and Its Impact 12:44 The Consequences of Legacy Systems 18:03 Exploitation Techniques and Threat Actor Strategies 26:50 The Importance of Monitoring and Detection 31:14 Deception Techniques for Enhanced Security 32:55 Leveraging Canary Tokens for Enhanced Security 34:41 The Challenge of Vendor Cooperation in Cybersecurity 35:30 Understanding Cyber Insurance and Its Implications 36:25 The Importance of Visibility in Cyber Defense 39:12 Utilizing Low-Interaction Honeypots for Threat Intelligence 41:48 Exploiting Vulnerabilities in Edge Devices 43:27 The Reality of Zero-Day Vulnerabilities 45:04 Analyzing Recent Exploits in Network Devices 49:02 The Need for Firmware Updates and Alternatives 50:33 Exploring Tailscale and Remote Access Solutions 54:33 Building Secure Lab Environments 56:52 The Shift Towards Open Source in Cybersecurity 01:00:27 Innovations in Memory Forensics 01:03:02 AI's Role in Enhancing Cybersecurity Tools

In this episode, the hosts discuss various cybersecurity threats, including Russian cyber attacks on critical infrastructure, the vulnerabilities in firewalls and VPNs, and the implications of AI in cybersecurity. They explore the increasing trend of using Python for malicious purposes and the challenges posed by gaming anti-cheat drivers. The conversation also touches on the escalation of cyber warfare and the confused deputy problem in AI, highlighting the need for better security measures and awareness in the industry. Chapters 00:00 Introduction to Cybersecurity Threats 02:52 Russian Cyber Attacks on Poland's Power Grid 10:33 The Flaws in Firewall Security 15:02 AI and the Future of Cybersecurity 22:22 Exploiting Vulnerabilities in Gaming Anti-Cheat Drivers 29:47 Driver Attestation and Security Transparency 35:17 Critical Infrastructure and Cybersecurity Threats 39:50 Linux Malware and Python Exploits 45:47 Firmware Complexity and Security Risks 51:19 Cyber Insurance and Responsibility in Cybersecurity 56:52 Confused Deputy Attack and AI Security Risks

In this episode, the hosts discuss various cybersecurity topics, including the challenges of BIOS password cracking, the implications of AMD's Stack Warp vulnerability, and the importance of up-to-date secure boot certificates. They also explore the risks associated with network security appliances, the costs of cybersecurity, and the role of marketing in raising awareness. Additionally, they share insights from an X-ray analysis of USB cables, highlighting the differences between quality and counterfeit products. BIOS password cracking can be complex and time-consuming. Physical access to hardware can significantly impact security measures. The Stack Warp vulnerability poses serious risks to virtual machines. Secure boot certificates need regular updates to maintain security. Network security appliances can introduce new vulnerabilities. Cybersecurity costs often outweigh the perceived benefits of cloud solutions. Marketing plays a crucial role in raising awareness about cybersecurity issues. X-ray analysis can reveal the quality of electronic components. Understanding the shared responsibility model is essential for IT teams. The balance between security and operational efficiency is a constant challenge. Chapters 01:59 Introduction to Below the Surface Podcast 04:46 BIOS Password Cracking Techniques 10:14 Exploring AMD's Stack Warp Vulnerability 22:03 Migration Trends in Cloud Computing 23:22 Cost vs. Security in On-Premises Solutions 24:37 Shared Responsibility in Network Security Appliances 27:03 The Risks of Network Security Appliances 28:14 Exploitation of Vulnerabilities in Network Devices 31:18 Challenges in Updating Network Security Appliances 34:59 The Slow Response to Vulnerabilities 39:05 The Complexity of Firmware Updates 45:45 Secure Boot Certificates and Future Vulnerabilities 49:12 Fun Innovations: X-ray Machine in the Office

In this episode of Below the Surface, host Paul Asadoorian is joined by co-hosts Larry Pesci, Joshua Marpet, and Vlad Babkin to delve into the complexities of hardware supply chain security. The discussion is sparked by a presentation from Andrew 'Bunny' Wong at Black Hat Asia, which raised critical questions about how we can trust the silicon in our devices. The conversation explores the challenges of validating hardware components, the potential for backdoors in devices, and the implications of counterfeit components in the supply chain. The hosts share anecdotes and insights about their experiences with hardware security, emphasizing the need for independent testing and the importance of understanding the provenance of hardware components. 00:00 Introduction to Hardware Supply Chain Security 02:53 Understanding Trust in Silicon 05:55 Challenges in Validating Hardware Components 09:01 Historical Context of Hardware Tampering 11:58 The Complexity of Supply Chains 14:55 Operationalizing Hardware Validation 18:01 The Role of Independent Researchers 20:59 Bounties and Community Involvement 23:56 Innovative Techniques for Hardware Analysis 27:06 The Future of Hardware Security 31:57 The Evolution of Computing: From Transistors to Quantum 36:11 Understanding Hardware Trust and Supply Chain Risks 41:52 The Need for Continuous Monitoring and Assurance 55:31 The Future of High Assurance Devices and Backdoors

Summary In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenges. We delve into the transition from traditional methods to AI-driven approaches, emphasizing the importance of prompt specificity for effective vulnerability discovery. The conversation also covers the role of open-source components, the need for guardrails in AI use, and the implications of AI-generated reports in cybersecurity. Additionally, they touch on man-in-the-middle techniques and the future of AI in firmware development, highlighting the creative monetization of vulnerabilities in IoT devices. Takeaways * AI is revolutionizing firmware analysis and vulnerability discovery. * Specificity in prompts is crucial for effective AI usage. * Open-source components can enhance analysis results significantly. * Guardrails are necessary to prevent AI from executing harmful commands. * AI can assist in code refactoring and documentation generation. * NTP spoofing can reveal vulnerabilities in time-sensitive applications. * AI-generated reports may lead to false positives in vulnerability assessments. * Man-in-the-middle techniques are essential for testing device security. * The future of AI in firmware development is promising but complex. * Understanding the context of vulnerabilities is key to accurate reporting. Chapters 00:00 Introduction to Firmware Analysis and AI Tools 01:54 Transitioning from Traditional Tools to AI 04:28 Specific Techniques for Vulnerability Discovery 06:29 Dynamic Analysis vs. Static Analysis 08:30 Using AI for Code Generation and Documentation 11:43 Interacting with Firmware and Devices 15:57 Creating Custom Tools and Skills for AI 18:53 Recent Projects and Use Cases in Firmware Analysis 22:48 Challenges and Risks of Using AI in Security Research 28:36 The Future of AI in Firmware Development 29:43 AI in Code Review and Vulnerability Detection 33:35 Limitations of AI in Understanding Logic 37:54 Challenges with AI-Generated Vulnerability Reports 43:13 Man-in-the-Middle Techniques and Tools 53:24 Exploring IoT Device Vulnerabilities

Summary In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems. Takeaways Fortinet vulnerabilities are critical and require immediate attention. Silent patches can lead to significant security risks. AI is being used by both attackers and defenders in cybersecurity. The OWASP Top 10 has been updated to include software supply chain failures. Firmware security is often overlooked but is essential for device safety. Supply chain breaches can have far-reaching implications for organizations. Visibility into firmware and device security is lacking in the industry. Standards for software security are necessary to protect against vulnerabilities. Defenders need better tools to combat evolving threats. The cybersecurity landscape is becoming increasingly complex and interconnected. Chapters 00:00 Introduction and Technical Setup 03:08 Fortinet Vulnerabilities and Exploits 06:05 Public Exploits and Path Traversal Vulnerabilities 09:00 Chaining Vulnerabilities and Risk Assessment 11:50 Authentication and Vulnerability Scoring 15:04 Operational Complexity in Patch Management 17:55 Silent Patches and Their Implications 20:58 Challenges with Network Device Security 24:55 Cyber Insurance and Vulnerability Trends 27:58 The Impact of Silent Patches 30:46 End of Life Devices and Legacy Systems 34:58 Supply Chain Security and Source Code Theft 39:44 AI in Cybersecurity: Opportunities and Threats 47:17 Navigating AI's Guardrails and Malicious Use Cases 49:24 The Dilemma of AI and Harmful Intentions 52:44 The Need for Researcher Access to AI Tools 58:36 OWASP Top 10 Updates and Supply Chain Security 01:05:12 The Challenges of Firmware and Device Security

Summary In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspberry Pi in cyber attacks, the implications of the F5 breach, and the emergence of Polar Edge malware targeting QNAP devices. They also discuss the innovative Two-Face Rust binary technique, the critical nature of authentication bypass vulnerabilities, and the evolving landscape of air-gapped systems. The conversation highlights the increasing risk posed by old vulnerabilities and the need for improved security measures in the face of advancing cyber threats. Articles: https://reporter.deepspecter.com/f5-is-misleading-the-market-the-breach-is-nowhere-near-contained-a766d932c582 https://blog.sekoia.io/polaredge-backdoor-qnap-cve-2023-20118-analysis/ https://www.group-ib.com/blog/unc2891-bank-heist/ https://www.synacktiv.com/en/publications/creating-a-two-face-rust-binary-on-linux https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html

In this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importance of vulnerability disclosure. They delve into the complexities of securing network edge devices, the challenges posed by Linux security, and the need for standardization in security practices. The conversation also touches on the future of firmware security and the necessity for proactive measures in incident response. We also close out the show taking about the recent Framework UEFI shell vulnerability. Chapters 00:00 Introduction to F5 Breach and UEFI Secure Boot Bypass 02:16 Details of the F5 Breach 04:59 Threat Actor Analysis and Implications 07:18 Vulnerability Disclosure and Exploitation Risks 10:17 Security Measures and Key Management 12:57 Proactive Defense Strategies 15:52 The Evolving Threat Landscape 18:41 Challenges in Securing Network Devices 21:10 Linux Security and Customization Issues 25:16 Kernel Customization Challenges 27:08 Security Through Obscurity 29:04 Application Security and Development Practices 33:59 Framework's UEFI Shell Vulnerability 38:22 Interdependency in Technology Ecosystems 41:48 The Need for Transparency in Signed Software