Diffing Firmware Versions to Find Security Patches

When a vendor ships a quiet security fix, diffing two firmware versions reveals exactly what changed. Here is how to do it efficiently with the right tools.
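As an added illustration of the block-level diff that entry describes (example code written for this index, not taken from the article or from any vendor's tooling): hash the two images in fixed-size chunks, compare chunk by chunk, and report the changed byte ranges, including a length difference. The firmware images below are constructed in the script; real images usually need unpacking (decompression, removal of encryption or signature wrappers) before a raw diff is meaningful, otherwise nearly every chunk differs.

```python
import hashlib


def chunk_hashes(image: bytes, chunk: int) -> list:
    """SHA-256 of each fixed-size chunk; the last chunk may be short."""
    return [hashlib.sha256(image[i:i + chunk]).digest()
            for i in range(0, len(image), chunk)]


def diff_images(old: bytes, new: bytes, chunk: int = 256) -> list:
    """Return [(start, end), ...] byte ranges (end exclusive) that differ.

    A chunk counts as changed if its hash differs or if it exists in only
    one image, so appended or truncated tails are reported as well.
    Adjacent changed chunks are coalesced into one range.
    """
    h_old, h_new = chunk_hashes(old, chunk), chunk_hashes(new, chunk)
    total_chunks = max(len(h_old), len(h_new))
    ranges, current = [], None
    for idx in range(total_chunks):
        missing = idx >= len(h_old) or idx >= len(h_new)
        changed = missing or h_old[idx] != h_new[idx]
        start = idx * chunk
        if changed:
            if current is None:
                current = [start, start + chunk]
            else:
                current[1] = start + chunk
        elif current is not None:
            ranges.append(tuple(current))
            current = None
    if current is not None:
        ranges.append(tuple(current))
    # Clamp the final range to the longer image's real length.
    limit = max(len(old), len(new))
    return [(s, min(e, limit)) for s, e in ranges]


def changed_fraction(old: bytes, new: bytes, chunk: int = 256) -> float:
    """Share of bytes inside changed ranges; a high value usually means the
    images are compressed or encrypted and must be unpacked first."""
    changed = sum(e - s for s, e in diff_images(old, new, chunk))
    return changed / max(len(old), len(new), 1)


# Constructed sample images (not real firmware): 4096 bytes of a repeating
# pattern, then a 10-byte patch at offset 1000 and 100 bytes appended.
OLD_IMAGE = bytes(range(256)) * 16
_patched = bytearray(OLD_IMAGE)
_patched[1000:1010] = b"X" * 10
_patched += b"\xff" * 100
NEW_IMAGE = bytes(_patched)

if __name__ == "__main__":
    for start, end in diff_images(OLD_IMAGE, NEW_IMAGE):
        print(f"changed: 0x{start:08x}-0x{end:08x} ({end - start} bytes)")
    print(f"changed fraction: {changed_fraction(OLD_IMAGE, NEW_IMAGE):.3f}")
```

The chunk size trades precision for noise: 256 bytes localises a patch to within a few instructions, while larger chunks hide the small relocations that a recompiled image scatters everywhere. Once a range is known, the offsets feed straight into a disassembler to see which function changed.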
Reverse Engineering an Unknown Binary Protocol

Many devices speak a custom binary protocol over serial or the network. Here is a method for decoding one from captures and the firmware that parses it.
A Pre-Production Hardware Security Checklist

Before a connected product ships, a security checklist catches the issues that are expensive to fix later. Here is the pre-production checklist I use.
Code Review Patterns for Embedded C

Embedded C is powerful and unforgiving. Here are the recurring vulnerability patterns to look for when reviewing embedded firmware code.
Building Security Into the Firmware SDLC

Security bolted on at the end is expensive and incomplete. Here is how to build it into the firmware development lifecycle from the start.
Meeting IEC 62443 on Real Hardware

IEC 62443 is the standard family for industrial control system security, but meeting its requirements on real embedded hardware takes interpretation. Here is how to apply it in practice.
OT Network Segmentation for Embedded Systems

When embedded devices cannot defend themselves, the network has to. Here is how segmentation protects fragile OT and embedded systems.
Secure Boot on STM32: What Actually Protects You

STM32 chips offer real secure boot features, but only if you configure them. Here is what protects you, what is off by default, and how to verify it.
Spotting Backdoors and Debug Hooks in Firmware

Not every hidden access path is malicious, but every one is a risk. Here is how to find debug hooks and backdoors left in shipped firmware.
UDS Diagnostics as an Attack Surface

UDS gives powerful access to a vehicle’s ECUs by design. Here is how that diagnostic protocol becomes an attack surface and how it should be defended.