NorthSec 2021

Pedro Ribeiro

Pedro started working in security by doing ISO27001 audits. After almost dying of boredom, he jumped into penetration testing, reverse engineering and vulnerability research, focusing on embedded systems and enterprise software.

He is the Founder & Director of Research at Agile Information Security, a boutique security consultancy that focuses in providing hardcore technical cyber security solutions to its clients.

In his spare time Pedro hacks hardware and software and has made public dozens of remote code execution vulnerabilities resulting in 140+ CVE, and authored 60+ Metasploit exploits. He regularly participates in Pwn2Own as part of "Flashback Team", winning Pwn2Own Tokyo 2020 outright with his teammate Radek Domanski.

The speaker's profile picture

What is your title?

Founder & Director of Research

What is your company/affiliation(s)?

Agile Information Security

Website (full URL)

https://agileinfosec.co.uk

Twitter account (full URL)

https://twitter.com/pedrib1337

LinkedIn profile (full URL)

https://www.linkedin.com/in/pedro-ribeiro-36a63324/

GitHub account (full URL)

https://github.com/pedrib


Sessions

05-20
17:10
40min
Vulnerability research
Ivica Stipovic, Jeff Dileo, Addison Amiri, Yuan Stevens, Stephanie Tran, Florian Martin-Bariteau, Pedro Ribeiro, Rayna Stamboliyska

Q&A and discussion for the malware block, hosted and moderated by Rayna Stamboliyska. Questions will be gathered from the audience during the four prior talks.

Vulnerability research
Main stream
05-20
14:50
30min
Critical Vulnerabilities in Network Equipment: Past, Present and Future
Pedro Ribeiro

In this talk, we will discuss common vulnerability patterns in network equipment (consumer and enterprise routers, firewalls, VPN, TLS accelerators, switches, WAF, etc).

This critical infrastructure is unfortunately a lot more vulnerable than most people believe, although its security stance has improved within the last few years.

We will go through the history of these vulnerabilities, why they occur and what should we expect to happen in the future, as exploit protections in these devices improve.

Vulnerability research
Main stream