
Jonathan Goikhman

Summary

Experienced security researcher with a strong focus on low-level system security, adept at both independent work and collaborating within cross-functional teams to tackle complex security challenges.

Overview

3 years of professional experience

Work History

Security Researcher

Confidential
08.2024 - Current
  • Conducted in-depth research into UEFI firmware and reverse engineered DXE drivers in order to gain insights into important aspects of boot-time security
  • Designed and implemented Bootkits with the purpose of protecting the system, implementing features such as ESP file monitoring against ESP-based Bootkits, enforcing BIOS settings, and disabling system features such as CNVi (Wi-Fi and Bluetooth)
  • Deployed the Bootkits both via an ESP-based technique to avoid mitigations such as HP Sure Start, and via firmware implants to avoid mitigations such as Secure Boot
  • Implemented advanced features such as DXE modules that live up to operating system time (Windows) by hooking kernel functions and avoiding protections such as DSE and PatchGuard
  • Wrote detailed technical reports for clients and taught colleagues newly learned techniques

Security Researcher

Rockwell Automation
07.2022 - 08.2024
  • Conducted in-depth analysis of firmware and proprietary protocols to identify potential security vulnerabilities in commercial IoT devices such as firewalls, BMCs and servers
  • Developed exploits on ARM Linux systems, bypassing exploit mitigations such as DEP and ASLR
  • Extensive use of reverse engineering tools such as IDA and GDB in order to find and develop 0days, as well as binary diffing tools such as BinDiff and Diaphora in order to exploit 1days
  • Worked with protocols such as UART and interfaces such as JTAG in order to debug and develop exploits
  • Successfully exploited vulnerabilities such as buffer overflows and bypassed mitigations in order to achieve RCE useful for clients' needs, such as post-exploitation memory forensics


Publications

We don't like BIOS passwords - Bypassing BIOS passwords using a bootkit (English, jongoikhman.blogspot) - Technical blog post about a new technique to bypass BIOS passwords: an ESP-based Bootkit that hooks the relevant UEFI runtime services and manages both to wipe the existing password and to prevent the user from setting a new one.


Bootkits - It's never deep enough (Digital Whisper - Hebrew infosec magazine) - The paper covers the Bootkit topic from start to finish: what a Bootkit is, how it worked and attacked legacy systems (covering topics such as MBR/VBR), writing my own legacy MBR Bootkit, UEFI fundamentals and modern protections.


The Hitchhiker's guide to firmware analysis - Covers embedded IoT vulnerability research: how to approach an embedded device, different approaches to acquiring the firmware, and reviewing CVEs in order to attack a device.
