Connect | Educate | Inspire | Secure
(ISC)2 Seattle Chapter
Bringing like-minded professionals together in the Greater Puget Sound region to discuss current tactics, techniques, and procedures within cybersecurity.
CPE Submission for General Meetings
To have the ISC2 Seattle Chapter submit a member's CPEs automatically, they must input their ISC2 number on the Zoom registration form. Please do this before each meeting. Any members attending the meetings and failing to submit their CISSP membership numbers will need to submit their own CPEs on the ISC2 website.
Thursday, October 7, 2021
Title: Hardware Security from the Hacker's Perspective
The technology sector today is evolving more quickly than ever - with the rise of new industries - greatly expanding the scope of knowledge required to evaluate the security of systems and environments; it can feel as we are getting further and further ‘away from the metal,’ especially with the explosion of cloud technology abstracting details even further beyond shiny APIs. But there’s a commonality behind the novel abstractions: hardware. Understanding the operations of this hardware and its exposure to threats - is the essential knowledge needed by infosec professionals of all industries to improve security operations.
In this presentation, an introduction to the hacker’s perspective to hardware security is offered - covering common hardware attack surfaces/vectors, and how hardware attacks can be used to bypass software access controls; converging on a deeper look of the near-ubiquitous and often ignored attack surface: JTAG (and other similar hardware-level debugging interfaces). We will explore the role it serves, how it is exploited, and how the threat can be mitigated.
Ethan Shackleford is a Security Consultant with IOActive, Inc. Specializing in the security of hardware and embedded devices, Ethan works with clients from a wide range of industries including IoT, automotive, and ICS, to ensure that production equipment is battle-hardened and secure in the wild. With deep experience in penetration testing, reverse engineering, to custom exploit development - Ethan is well versed in security assessments across software, embedded systems, and networks.
Recently, Ethan has engaged in research efforts focused on: reverse-engineering gRPC binaries, the use of fault injection to manipulate systems, and leveraging JTAG interfaces on embedded Linux-based devices. His latest published notes can be found on the IOActive Labs blog: https://labs.ioactive.com/
Presenter: Ethan Shackleford
Time: 6:30-7:30 PM
SecureWorld * Online Event
Interface Seattle * Online Event
ISC2 Seattle is welcoming all members to attend Interface Seattle. Conference details:
Are you aware that (ISC)2 has a community place for cybersecurity professionals?
Our online Community is a place for cybersecurity professionals – including (ISC)² members, non-members, certification candidates and others – to connect, collaborate and share knowledge and best practices related to the very broad topic of security. This encompasses discussions around new technologies, best practices, new regulations, professional development, the challenges and opportunities facing the cybersecurity workforce, ways to make the most of your (ISC)2 certification and membership, and much more. We would like to keep this Community a place for appropriate cybersecurity topics and encourage all off-topic discussions to be held elsewhere.
The Seattle Chartering Chapter would like to encourage all members to join the discussion at https://community.isc2.org/t5/memberships/memberspage/node-display-id/grouphub%3AChapter_Seattle/