About this event
RTOS-based devices power critical systems across automotive, medical, industrial, and IoT environments. Yet unlike Linux-based products, they often provide little insight into the software running beneath the surface.
Without source code, symbols, software manifests, or vendor documentation, security teams are frequently left with a simple question: What is actually running inside this device? As a result, software components remain unidentified, SBOMs are unavailable, and vulnerabilities can remain hidden for years.
In this webinar, we demonstrate how ONEKEY analyzes RTOS firmware directly from binary images—even when no source code, SBOM, or vendor documentation exists.
We walk through the complete analysis pipeline, starting with firmware extraction and the unique challenges of RTOS environments. We then show how CPU architecture detection, load address reconstruction, and binary disassembly create the foundation for deeper analysis.
Building on this, we demonstrate how software components such as RTOS kernels, TCP/IP stacks, and cryptographic libraries can be identified automatically, providing a complete component inventory even for devices with no available software documentation.
Understanding which components are present is only the first step. We also show how static binary analysis can uncover vulnerabilities directly within RTOS firmware, helping security teams identify weaknesses that traditional software inventory approaches often miss.
Finally, we explain how component intelligence and automated CVE reduction work together to eliminate noise and focus attention on vulnerabilities that are genuinely relevant to the device under analysis.
This webinar is designed for product security professionals, firmware analysts, vulnerability researchers, PSIRT teams, and device manufacturers seeking greater visibility into RTOS-based products and their associated security risks.
Can’t join live? Register now and receive the recording on demand.
Hosted by
In his current role, Max helps enterprises automate and continuously monitor the security aspects of their embedded devices, using binary analysis, software bill of materials, and CI/CD pipeline integration.
Roman conducts offensive security research on IoT and OT devices specializing in firmware analysis, vulnerability research, and reverse engineering of embedded systems. He translates research findings into scalable product capabilities for automated firmware and device security assessment.
ONEKEY is a specialist in Product Cybersecurity for IoT & OT. Using automatically generated "Digital Twins" and "Software Bill of Materials" of devices, ONEKEY analyzes firmware for security vulnerabilities & compliance violations, without source code, device, or network access.