Sergey Temnikov

Senior Security Researcher, Kaspersky Lab

About speaker

Sergey works on the Kaspersky Lab ICS CERT team that specializes in researching vulnerabilities in industrial automation systems and smart devices. His interests include fuzzing, binary vulnerability exploitation, penetration testing and reverse engineering. He started his career at Kaspersky Lab as a malware analyst.
November 16
13:00 — 14:00
Main Track
It is conventional wisdom that the right approach to doing things is to «Trust but verify». However, corporate solutions often use only the former part of this principle. Third-party code, specifically a license manager (a small software or USB token), can create a huge security problem for otherwise exceptionally well protected corporate systems. Last year, the Kaspersky Lab ICS CERT team analyzed a hardware-based licensing solution — HASP tokens by Gemalto. This time, we will talk about our latest research into the popular Flexnet solution by Flexera. What we found included logical DoS, logical LPE, RCE, that sort of thing... We will show how these three-letter abbreviations can get the best of even the most secure corporate or financial systems, industrial automation systems, etc.