SecTools Podcast – Episode #41

Conversation with ONEKEY Team (Marton Illes, Quentin Kaiser, László Vaskó and Florian Lukavsky) about Unblob Project.

All Episodes

unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for.

unblob is free to use, licensed under MIT license, it has a command line interface and can be used as a Python library. This turns unblob into the perfect companion for extracting, analyzing, and reverse engineering firmware images.

unblob was originally developed and currently maintained by ONEKEY and it is used in production in ONEKEY analysis platform.

About Guests

Quentin Kaiser is an ex-penetration tester who turned binary analysis nerd. He’s currently working as a security researcher at the ONEKEY Research Lab, where he focuses on binary exploitation of embedded devices and bug finding automation within large firmware.

Marton Illes worked at various different security companies in the last 20+ years (BalaBit/OneIdentity, Offensive Security, ONEKEY). He is currently working at ONEKEY as the head of the engineering & research team, where he is focusing on automated analysis & vulnerability research of embedded devices.

László Vaskó is an open-source software enthusiast and programming language nerd. He is a lead software engineer at ONEKEY where he enjoys solving hard puzzles with his team while they are developing the best automated firmware security analysis platform.

Florian Lukavsky started his hacker career in early ages, bypassing parental control systems. Since then, he has reported numerous zero-day vulnerabilities responsibly to software vendors and has conducted hundreds of pentests and security reviews of IoT devices as a CREST certified, ethical hacker. Today, Florian Lukavsky aids organizations with IoT security automation as CTO of ONEKEY, the leading European platform for automated security analyses of IoT firmware.

  • Recorded
  • Published