yltsi
yltsi spends his time during business hours conducting product security research for a large technology company. Outside of that, he spends an overwhelming amount of time quenching his curiosity with web, mobile, game, and embedded security research for the spirit of the craft, as well as electronics reverse engineering and repair. He is a pro-gratis bug hunter and live hacking enthusiast, having taken 1st place in DistrictCon's inaugural Junkyard EOL PwNATHON competition in 2025 and given a talk at DEF CON Skytalks long ago.
Session
The last decade has been revolutionary for making embedded security research intellectually and financially accessible for thousands of curious minds around the world. Just by watching YouTube recordings of talks and reading blogposts from individual tinkerers and security firms alike, one can quickly start making a splash in a research area that was formerly thought to be prohibitively expensive and required lots of prerequisite knowledge.
Pan back to you: you saw the title of this presentation, and thought it was interesting. You have a $5 multimeter, a crusty soldering iron, a few bootleg debug adapters, and a wallet full of lint and toothpicks, but not a lot of bread. Where to now?
This talk presents the Hardware Procurement Iceberg (not coincidentally modeled off of the iceberg meme template): three distinct visualizations that show off different ways to procure (see: legally purchase and own) hardware to probe and modify for the sake of vulnerability and security research. Each visualization lays out various procurement methods measured by cost effectiveness, ethicality, and ease, which is left to the audience as to which route they choose to take.
Whether it be eBay, GovDeals, or somewhere more obscure/exotic, this talk walks through all possible routes to find your desired router, medical equipment, ICS/SCADA device, or whatever you fancy to complete your end-to-end research testbed.