Wilco van Beijnum
Wilco van Beijnum is a researcher at the Dutch Institute of Vulnerability Disclosure (DIVD), focusing on devices in the energy domain. He also works at ElaadNL via Scyon, where he tests EV charging infrastructure for vulnerabilities. With extensive experience in both software and hardware hacking, he uncovers and reports vulnerabilities in charging stations to strengthen their defenses, resulting in over 20 CVEs. His expertise in embedded system security, firmware analysis, and reverse engineering helps strengthen the security and resilience of the next generation of energy-related devices.
Session
When investigating the security of a smart device, we often encounter a very limited attack surface with no open ports, encrypted network traffic, and no logging. In this session, Wilco will show how to break through these barriers on an ESP32, a microcontroller widely used in IoT devices, such as smart switches, EV charging stations, and many other smart home devices.
Wilco will present techniques for obtaining, reverse engineering, and patching the firmware of an ESP32, and show these techniques in practice during demo sections by disabling certificate pinning and enabling debug logging on an ESP32 device.
After this session, you will have the knowledge and skills to start reverse engineering your own ESP32-based IoT devices, opening up new paths for vulnerability research.