Richard Harman is an incident responder at SRA International's internal Security Operations Center, where he slings Perl code supporting incident response and performs analysis & reverse engineering of targeted attack malware samples. Why spend $100 on an old SanDisk U3 Cruiser when you can spend $4 for the same features?
This talk will touch on the various controller manufacturers, features, and show you how to leverage them for yourself. Update the controller's firmware, disassemble it, etc. Turn an old flash drive into an emulated CDROM or a CDROM + flash drive. These flash controllers can be *reprogrammed entirely* via software to do whatever you want. These flash controllers have capabilities that aren't mentioned on product packaging, and can be enabled with programming you will learn during this presentation. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected 'name brands' on the market. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. With stories of 'BadBIOS' infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers.
