Carel van Rooyen
Computer Systems Engineer
BIOGRAPHY
Carel van Rooyen is a computer systems engineer. Prior to his role as security analyst and security researcher he spent years teaching web application development and network security principles.
Attacking Mongoose OS on Xtensa platforms
Mongoose OS, an open source operating system and framework for the rapid deployment of IoT projects is built on top of FreeRTOS and was initially released in 2015. Abusing buffer overflows, and other vulnerabilities, one could potentially attack implementations of Mongoose OS. In this talk, the issue under scrutiny is the security mechanisms integrated with the Mongoose OS on Xtensa platform systems. Our approach outlines first steps into exploitation techniques tailored to this special target environment. This talk aims at describing employed technologies, techniques, and the preliminary results, as well as considerations on the attack surfaces from OS to hardware and storage level. It also tries to encourage more research and tool development on this topic. We further aim to share knowledge about the exploitation of new platforms and the approaches taken. Further interpretation shows that overlooked security best practices from the past can again be exploited by future adversaries, and need to be guarded against in IoT environments.
Presentation’s Co-Presenter is Philipp Promeuschel, Security Analyst at Compass Security Schweiz AG.
Are you the next cyber security superstar?
If you are passionate about an information security topic or you have strong technical skills developing researches on your own, you should definitely Apply at Call for Papers. By submitting you will have the chance to showcase your work to +2000 attendees.
Other speakers joining this year
Adrian Hada
Senior Security Research Engineer Ixia, a Keysight business
Lucian Sararu
InfoSec Team Lead SecureWorks
Neculai Balaban
Member of the national team the represented Romania in ECSC 2017
Ready for this year's presentations?
By registering you will unlock access to 60+ speakers and two full days with cyber security news & showcases from worldwide leaders.
COMPETITIONS
Sponsors & Partners
They help us make this conference possible.
POWERED BY
Orange Business is a key division of Orange Romania, specializing in providing cutting-edge communication, technology, and digital transformation solutions tailored to businesses of all sizes. With a strong emphasis on innovation, Orange Business offers a wide array of services, including high-speed connectivity, cloud computing, cybersecurity, Internet of Things (IoT), and managed services. Their mission is to support organizations in their digital transformation journey by enhancing operational efficiency, improving customer experience, and maintaining a competitive edge in a rapidly changing digital environment.
Orange Business combines deep technological expertise with a customer-centric approach, ensuring that each solution is customized to meet the specific needs of their clients. Their commitment to innovation and excellence makes them a trusted partner for businesses seeking to thrive in the digital age.
PLATINUM PARTNERS
GOLD PARTNERS
SILVER PARTNER
BRONZE PARTNERS
HACKING VILLAGE PARTNERS
EXHIBITORS
VIP LOUNGE POWERED BY
ORGANIZER
INTERNATIONAL COMMUNITY PARTNERS
MEDIA PARTNERS
