2024
PKFAIL: Supply-Chain Failures in Secure Boot Key Management
LABScon 2024
Fabio Pagani, Alex Matrosov, Yegor Vasilenko, Sam L. Thomas, Anton Ivanov
2023
LogoFAIL: Security Implications of Image Parsing During System Boot
Black Hat Europe 2023
Fabio Pagani, Alex Matrosov, Alex Ermolov, Yegor Vasilenko, Sam L. Thomas, Anton Ivanov
Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security
H2HC 2023
Anton Ivanov, Sam L. Thomas, Alex Ermolov, Yegor Vasilenko, Alex Matrosov, Fabio Pagani
A Dark Side of UEFI: Cross-Silicon Exploitation
OffensiveCon 2023
Alex Matrosov, Alex Ermolov, Yegor Vasilenko, Sam L. Thomas
2022
MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
Zitai Chen, Sam L. Thomas, Flavio D. Garcia
The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
Chris McMahon Stone, Sam L. Thomas, Mathy Vanhoef, James Henderson, Nicolas Bailluet, Tom Chothia
Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
Black Hat USA 2022
Alex Matrosov, Alex Ermolov, Yegor Vasilenko, Sam L. Thomas
2021
Cutting Through the Complexity of Reverse Engineering Embedded Devices
IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES 2021)
Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, Flavio D. Garcia
Finding software bugs in embedded devices
Security of Ubiquitous Computing Systems: Selected Topics
Aurélien Francillon, Sam L. Thomas, Andrei Costin
2018
Backdoor Detection Systems for Embedded Devices
Ph.D. Thesis
Sam L. Thomas
Backdoors: Definition, Deniability and Detection
Proceedings of the 21st International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2018)
Sam L. Thomas, Aurélien Francillon
2017
Stringer: Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality
22nd European Symposium on Research in Computer Security (ESORICS 2017)
Sam L. Thomas, Tom Chothia, Flavio D. Garcia
HumIDIFy: A Tool for Hidden Functionality Detection in Firmware
International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2017)
Sam L. Thomas, Flavio D. Garcia & Tom Chothia