Timing Attacks on Embedded Comparisons

A comparison that returns early leaks how much of a secret you got right. Here is how timing attacks work and why constant-time code matters.

Where Embedded Devices Hide Their Keys

A device is only as secure as the place it keeps its keys. Here is a tour of common key storage choices, from the worst to the best.

Meeting IEC 62443 on Real Hardware

IEC 62443 is the standard for industrial security, but meeting it on real embedded hardware takes interpretation. Here is how to apply it in practice.

Security Testing for Medical Devices

Medical device security carries stakes most products do not: patient safety. Here is how testing differs and what regulators now expect.

Threat Modeling an Implantable Device

An implantable device cannot be patched easily and lives inside a person. Here is how threat modeling has to adapt to those brutal constraints.

From Recon to Root: An Embedded Pentest Walkthrough

A start-to-finish look at how an embedded penetration test goes, from first contact with the board to a root shell and what it means.

Persistence Techniques on Embedded Devices

Getting onto a device is one thing; staying there across reboots and updates is another. Here is how persistence works on embedded systems and how to detect it.

Prioritizing Embedded Vulnerabilities by Impact

Not every finding deserves equal attention. Here is how to rank embedded vulnerabilities so you fix the ones that matter first.