DeepSec 2013 Talk: Auditing Virtual Appliances – An Untapped Source Of 0-days
System administrators and information security researcher often have to deal with appliances. Almost every organisation and company has a couple of magical black boxes sitting around. Usually they are connected to the network, and they do important stuff (such as filtering things, checking content, and the like). In the old days testing these appliances for their security record was hard. You had to open it, do a lot of tedious reverse engineering in order to understand how it works, and then conduct your tests to do your analysis. Fortunately the future is here, and so is a new form factor: virtual appliances! At DeepSec 2013 Stefan Viehböck of SEC Consult will talk about the advantages of having a virtual appliance to deconstruct. Virtual appliances aren’t very different from their embedded cousins, judged from the