Binarly to Deliver Fourth Consecutive Keynote at LABScon, Unveil New Research on Firmware Trust Failures

Santa Monica, Calif. -- September 11, 2025 -- Binarly, the industry leader in software and firmware supply‑chain security, will take the keynote day stage at LABScon for the fourth year in a row, reinforcing the company’s role as a go-to source for groundbreaking technical research at one of the cybersecurity industry’s premier conferences.

This year’s presentation, Signed and Dangerous: BYOVD Attacks on Secure Boot, presents the first large-scale census of signed UEFI modules, drawn from both public threat intelligence feeds and Binarly’s private telemetry. We analyzed tens of thousands of binaries and discovered how over-privileged, under-scrutinized modules undermine Secure Boot’s trust model. 

Binarly research leads Alex Matrosov and Fabio Pagani will walk attendees through real-world bypass chains, including live exploitation on a fully patched system, and provide a hardening roadmap for vendors and defenders alike.

For the first time, Binarly will also introduce a new taxonomy of Secure Boot attack categories that span vulnerable signed modules, double-use binaries like UEFI shells, leaked private keys, and verification logic flaws. This framework is designed to help security teams map the full attack surface, moving the industry toward a more mature understanding of firmware-level risks.

The researchers will also use the LABScon stage to reveal details of CVE-2025-6198, a critical bug in BMC firmware validation logic. The flaw allows attackers to “bring your own vulnerable firmware image,” opening a dangerous new pathway for persistence at the heart of server infrastructure. This disclosure extends Binarly’s track record of uncovering systemic issues that reverberate across the global hardware ecosystem.

“Firmware sits at the foundation of every platform, yet it remains one of the least transparent and least monitored layers of the stack,” said Alex Matrosov, CEO and Head of Research at Binarly. “Our work at LABScon is about shining a light into those dark corners where trust can be misplaced, and where attackers already operate. The CVE-2025-6198 story will highlight why supply-chain scale monitoring is essential, because even the smallest oversight in validation logic can cascade into enterprise-wide risk.”

Binarly’s LABScon keynote-day presentation reinforces the company’s mission: to equip the industry with actionable intelligence, transparency tools, and research that directly reduces risk in the software and hardware supply chain. With its fourth consecutive keynote appearance, Binarly continues to cement its reputation as a trusted authority in software supply chain security research and an essential voice in shaping industry priorities.

About Binarly

Binarly is a U.S.‑based software and firmware supply‑chain security company founded in 2021. The Binarly Transparency Platform helps device manufacturers, OEMs and enterprise security teams detect vulnerabilities, misconfigurations, secrets and malicious code in firmware and software components—while accelerating the shift to post‑quantum cryptography. Visit https://binarly.io for more information.

Media Contact

media@binarly.io