Eugene Lim (GOVTECH) – Hacking the Synology NAS: Reversing and Fuzzing Hardened

Last year, I hacked the Synology DiskStation Network Attached Storage (NAS) device, discovering several vulnerabilities including 6 assigned Common Vulnerabilities and Exposures (CVEs). I will do a deep dive into the techniques used to reverse engineer, fuzz, and exploit the firmware, as well as lessons on building rugged software. I will discuss good secure coding and vulnerability disclosure practices by Synology.

Mr. Eugene Lim
Cybersecurity Specialist
GovTech Singapore

Eugene (@spaceraccoon) hacks for good! From Amazon to Zendesk, he helps secure products globally. In 2019, he won the Most Valuable Hacker award at the H1-213 live hacking event organized by HackerOne, the US Air Force, the UK Ministry of Defense, and Yahoo. He has reported vulnerabilities in Microsoft Office, Apache OpenOffice, D-Link, and more. He also presented research on AI-powered phishing at Black Hat USA and DEF CON in 2021. At GovTech, he secures citizen data and government systems through application security research and sustainable DevSecOps development. Later this year, he will be speaking at DEF CON 30 on hacking calendars including Apple Calendar, Google Calendar, and Microsoft Outlook.