v3ga

Currently, medical devices are getting smarter by the minute. However, with the rapid expansion of new technologies on legacy systems, these smart additions are adding massive amounts of attack footprint. Additionally, older ways of development, utilizing sometimes poorly constructed binaries or scripts, are placed onto newer operating systems, leaving an environment ripe for exploitation. Adding urgency, the FDA also recently announced it would begin denying systems with vulnerabilities. This will go over my methods of using full scope testing (physical/netpen/hardware/other) to gain good findings for remediation in the modern world and the differentiators I have seen in my testing method vs. others observed in field. It will also have ample examples of actual bugs located during testing, how they were uncovered, and how they were utilized to exploit target systems (anonymized of course).

Michael Aguilar (v3ga_hax) is a Principle Consultant with Secureworks Adversary Group. He leads the Medical Device Adversarial Testing efforts at Secureworks as well conducting Adversarial Assessments, Internal/External Adversarial testing, Social Engineering and other fun things. When not knocking over systems, he enjoys cardio (running/cycling), playing guitar/screaming and music.