Bsides Exeter 2026

Open(ish) source: Adventures in edge device memory forensics
2026-04-25 , Seminar Room 7

As defenders, over the last few years we’ve seen a seemingly relentless stream of incidents, vulnerabilities and attack campaigns targeting network edge devices and appliances. Because they are exposed at the edge of our networks, defending these devices is critical, but their proprietary and locked-down operating systems mean we often lack the detection and response tools we use every day to quickly triage, investigate and remediate commodity server and client operating systems.

But under the hood, almost all modern network edge devices run some flavour of Linux. Memory collection and analysis on Linux is well supported by both commercial and open source tools such as Volatility 3. In this talk I’ll discuss some of the challenges of collecting and analysing memory on Linux-based appliances, and show how, with some creativity (and a little reverse engineering), you can often get the same level of visibility and analysis we get on more standard Linux operating systems.

Whether you’re an incident responder, part of a security team responsible for these devices or a device vendor, I’ll discuss how you can be better prepared for incidents involving these types of systems and use memory analysis as a part of your investigation.


URL: https://www.linkedin.com/in/richard-tuffin/

Technical Level: 4 - Complex and quite technical, deeper dive into subjects

Organisation or Affiliation?: Volexity Inc (volexity.com)

Richard is an experienced cyber security engineer and researcher. Over a 20-year career he’s worked in both the public and private sector on vulnerability research, exploit development and security engineering across a wide range of platforms. Specialising in Linux and embedded device reverse engineering and analysis, he is currently a Principal Software Engineer at Volexity Inc.