Breaking barriers, one byte at a time. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 29 March 2025

⏱️ 19 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

This week, we are joined by Jon Williams, Vulnerability Researcher from Bishop Fox, discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research. They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall. The research can be found here: Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	Is your AppSec program actually reducing risk?
0:18.0	Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk.
0:25.6	Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise.
0:33.6	High-impact threats slip through and surface in production, costing 10 times more to fix.
0:39.9	Ox Security helps you focus on the 5% of issues that truly matter before they reach the cloud.
0:46.4	Find out what risks deserve your attention in 2025.
0:50.1	Download the application security benchmark from Ox Security.
0:54.2	Thank you. Download the application security benchmark from OX Security.
1:11.6	Hello everyone and welcome to the CyberWires Research Saturday. I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
1:16.6	tracking down the threats and vulnerabilities,
1:19.6	solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.
1:25.6	Thanks for joining us.
1:39.7	Part of what we do on our team is we regularly research end-day vulnerabilities in major software vendors. And a lot of our customers use firewall appliances like the sonic wall devices.
1:46.0	And so we stay on top of new vulnerabilities that are announced in those types of devices.
1:52.1	That's John Williams, vulnerability researcher at Bishop Fox.
1:56.4	The research we're discussing today is titled,
1:58.8	tearing down sonic walls, decrypting Sonic OSX
2:02.7	firmware.
2:10.3	And with Sonic Wall in particular, we had done some research on them in the past.
2:16.0	We kept up with a lot of what was going on with Sonic Wall.
2:20.2	But when they upgraded their platform to Sonic OSX,
	...

Transcript will be available on the free plan in -4 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.