Recon 2024

Nika Korchok Wakulich

Nika Korchok Wakulich (aka ic3qu33n) is a hacker/reverse engineer/artist based in Brooklyn, NY. She is a Security Consultant at Leviathan Security Group where she works on a range of penetration testing engagements, with a focus on hardware, firmware and embedded security. Outside of work, she combines her artistic practice (woodcut prints, painting, drawing, etc.) with her independent security research on passion projects in different areas of security.

She has presented her security research at a number of InfoSec conferences including REcon, OffensiveCon, Hushcon, and BSides SF. She is a contributing writer for a number of hacker zines, including tmp.0ut and VX-Underground Black Mass.

When she isn't making art, reverse engineering, or making art as part of her reverse engineering process, she enjoys learning languages, skateboarding, and taking long walks (à la Paul Erdős).

You can find her online, in a few of the corners of the internet she frequents, at:
- Twitter: @nikaroxanne
- GitHub: @ic3qu33n and @nikaroxanne
- Website/Portfolio: https://ic3qu33n.fyi
- Mastodon: ic3qu33n@infosec.exchange
- Keybase: @ic3qu33n


Sessions

June 30, 16:30 (60 min)
GOP Complex: Image parsing bugs, EBC polymorphic engines and the Deus ex machina of UEFI exploit dev
Nika Korchok Wakulich

BIOS Hacking is back and it’s badder than ever.
Legacy BIOS is old news and UEFI is the new reigning queen bee of Platform Firmware implementations. This changing of the guard brings new challenges and mitigations for bootkit writers to thwart and bypass, as well as the opportunity for creative exploits and groundbreaking techniques in UEFI exploit development.

This talk is a deep dive on UEFI reverse engineering and exploit development, with a focus on new and creative UEFI exploit dev techniques. It will also cover strategies for finding new exploit targets within UEFI. Whether you are a seasoned veteran of UEFI/BIOS exploit dev or looking to break into the space, I'll cover both the essentials of UEFI RE and exploit dev and new techniques to take your UEFI PoCs to the next level. This talk combines hardware hacking with platform firmware reverse engineering and exploit development, and will cover the following:

  • UEFI software testing/debugging techniques with emulators
  • UEFI hardware debugging and testing techniques
  • UEFI reverse engineering
  • Assembly programming techniques for developing UEFI shellcode on different architectures (x86-64, aarch64 and EBC)
  • PCI Option ROM hacking

What happens when you combine the exploit primitives in a vulnerable image parsing driver impacted by LogoFAIL, PCI Option ROM hacking, the oft-forgotten and neglected EBC (EFI Byte Code) architecture, and a dash of low-level graphics programming?
GOP Complex.

Presentation Software
Grand Salon