SPI Flash for Bug Bounty Hunters
In this presentation, Nerdwell provides a hands-on demonstration of extracting SPI flash contents from hardware devices and how bug bounty hunters can use these techniques to find impactful bugs. The talk begins with a review of SPI flash basics and use cases from the bug bounty hunter’s perspective. Nerdwell then demonstrates SPI flash extraction using low-cost Android-based tools. Lastly, he provides a detailed discussion of the types of data often found in SPI flash and how this data can be of value to bug bounty hunters.
About the Author
Nerdwell is a systems and security engineer with a passion for bug bounty and vulnerability research. He currently works in critical infrastructure protection and has experience supporting technology in a variety of industries, ranging from manufacturing to healthcare. With over 20 years’ experiences, Nerdwell understands firsthand the challenges of building and supporting complex technology solutions securely. In addition to finding bugs and performing security research, Nerdwell enjoys networking and sharing knowledge with fellow hackers.
Get Started with Bugcrowd
Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.