SBOMs the Hard Way: Hacking Bob the Minion
Larry Pesce
DEF CON 32 · Day 1 · Creator Stage
In his DEF CON 32 talk, "SBOMs the Hard Way: Hacking Bob the Minion," Larry Pesce, Product Security Research and Analysis Director and Services Team Lead at Finite State, covers the practical application of **Software Bills of Materials (SBOMs)** for identifying and exploiting vulnerabilities in connected devices. The presentation goes beyond theoretical discussion of SBOMs and offers a hands-on perspective on how these inventories can be operationalized by both defenders and attackers. Pesce uses the whimsical example of "Bob the Minion" (a consumer-grade connected device) as a case study to illustrate the comprehensive process of obtaining, analyzing, and leveraging an SBOM to uncover potential security weaknesses.