University of Minnesota
Software Engineering Center

You are here

Eric Thayer; Code Freeze 2015

Eric Thayer is a Principal Investigator for the Systems Analysis and Exploitation group at Assured Information Security, a cyber security company serving the DoD and commercial industry. Mr. Thayer has over fifteen years experience in the cyber security field and is the lead engineer for a group of two dozen reverse engineers and security professionals. He has spent his career performing security assessments and security related research for government agencies, state organizations, and commercial entities. With a degree focused in computer security and formalized training in vulnerability identification, exploit development, and reverse engineering Eric regularly serves as a qualified consultant to industry professionals, developers, and academics. This allows him to serve as the “voice of the offense” and provide technical expertise in potential security threats and operational risks to systems. In his twelve years at AIS Eric has served as the lead engineer while conducting security assessment of software systems, networks, and embedded systems to include smart phones, SCADA equipment and networks, automobiles, radios, and air vehicles. In total Eric has led his team in the assessment of nearly one hundred target systems and consulted on the development cycle design and testing of nearly as many.

Abstract: In the current world of the Internet of things, the security of any piece of consumer electronic equipment can easily come into question. Traditional electronics are being replaced with upgraded “smart” alternatives and connected cars, smart watches, wireless medical devices, and network enabled lights switches are flooding the market. Each of these pieces of technology, whether just the next gadget or mission critical equipment, offers an attack surface that security researchers may take advantage of and successfully exploit.

Researchers perform reverse engineering, vulnerability identification, and exploit development against these types of devices which requires skills in advanced computing, network protocol analysis, software development, and security concepts. Most importantly, it requires the ability to critically look at a system and identify the potential weaknesses, and then exploit those weaknesses through interactive testing and analysis. This presentation will address the basics of system security assessment and the thought process and approach taken to attack a target.

Return to CodeFreeze 2015 Program