2022-06-18, 13:00–13:45, Track 2 (Moody Rm 101)
As part of a personal case study, I’ve performed security assessments against a wide selection of OT products from 20+ different vendors, resulting in the discovery of over 300 security vulnerabilities. In this talk I would like to provide an overview of my approach - which was mainly a combination of fuzzing and manual testing, present some specific examples and share my experience and challenges in coordinated disclosure with various CERTs and PSIRTs around the globe.
Michael is an independent security researcher specialized in vulnerability research, fuzzing and exploit development. With over a decade of industry experience in offensive security he has discovered a plethora of vulnerabilities across a wide range of high-value enterprise software and operating systems.