Uncategorized

EFI Boot Guard from Siemens

EFI Boot Guard

Simple UEFI boot loader with support for safely switching between current and updated partition sets. A bootloader based on UEFI. Provides the following functionality:

* Arm a hardware watchdog prior to loading an OS
* Provides a simple update mechanism with a fail-safe algorithm

The following watchdog drivers are implemented: Intel Quark, Intel TCO, and Intel i6300esb.
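As an added illustration (not efibootguard's own code or environment layout), this is the fail-safe selection logic an A/B loader of this kind needs: prefer the newest partition set that is confirmed or still has boot attempts left, spend one attempt before handing off to the OS (the armed watchdog brings the machine back here if that boot hangs), and fall back to the older set once the new one has used up its tries. The set names, states and try counter are assumptions.

```c
/* Hypothetical A/B boot-set selection; all names and states are assumed. */
#include <stdbool.h>
#include <stdio.h>

enum set_state { SET_OK = 0, SET_TESTING = 1, SET_FAILED = 2 };

struct boot_set {
    unsigned revision;      /* higher means a newer update */
    enum set_state state;
    unsigned tries_left;    /* only meaningful while SET_TESTING */
};

/* Return the index of the set to boot, or -1 if nothing bootable remains.
 * A TESTING set loses one try per selection; at zero tries it is marked
 * FAILED so that a watchdog-triggered reboot lands on the older set. */
int select_boot_set(struct boot_set sets[], int n)
{
    int best = -1;
    for (int i = 0; i < n; i++) {
        if (sets[i].state == SET_FAILED)
            continue;
        if (sets[i].state == SET_TESTING && sets[i].tries_left == 0) {
            sets[i].state = SET_FAILED;  /* exhausted: never pick it again */
            continue;
        }
        if (best < 0 || sets[i].revision > sets[best].revision)
            best = i;
    }
    if (best >= 0 && sets[best].state == SET_TESTING)
        sets[best].tries_left--;         /* consumed before the OS runs */
    return best;
}

/* Called by the booted OS once it has verified that it is healthy. */
void confirm_boot_set(struct boot_set *s)
{
    s->state = SET_OK;
}

int main(void)
{
    /* Constructed sample: set A is the known-good one, set B a fresh update. */
    struct boot_set sets[2] = {
        { 1, SET_OK, 0 },
        { 2, SET_TESTING, 2 },
    };
    for (int boot = 1; boot <= 3; boot++)   /* simulate three failed boots */
        printf("boot %d -> set %d\n", boot, select_boot_set(sets, 2));
    return 0;
}
```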


https://github.com/siemens/efibootguard

Standard

Microsoft Windows Defender ATP

What’s new in Windows Defender ATP Fall Creators Update:
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop attacks as they happen and before they have impact. This means that our service will expand beyond detection, investigation, and response, and will now allow companies to use the full power of the Windows security stack for preventative protection. The stack will be powered by our cloud-based security intelligence, which moves us from a world of isolated defenses to a smart, interconnected, and coordinated defense grid that is more intelligent, simple to manage, and ever-evolving. We will also provide a single pane of glass experience for security professionals. This means that security management (SecMgmt) teams can easily configure a broad set of Windows security stack technologies through an integrated configuration management experience. Security operations (SecOps) teams get full visibility into their Windows endpoint security and a rich toolset to take action using the Windows Defender ATP console. This will not only give companies a full picture of what’s happening on their endpoints, but will also put them in the driver seat to quickly react to threats as they happen. Leveraging our cloud-based security intelligence gives the optics, context, and tools that companies need to quickly investigate and remediate incidents. Here are some highlights of the Windows Fall Creators Update:[…]

https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/

https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp



Summer reading list for UEFI security

I’ve seen a large number of ‘Summer reading list’ posts on various social media forums in the last few days. I’ll add my own.

http://www.timeglider.com/timeline/5ca2daa6078caaf4

https://github.com/advanced-threat-research/firmware-security-training

https://www.nostarch.com/rootkits

https://www.degruyter.com/view/product/484477

https://www.degruyter.com/view/product/484468

https://blog.invisiblethings.org/2015/10/27/x86_harmful.html

https://blog.invisiblethings.org/2015/12/23/state_harmful.html

Regarding the No Starch Press book above: most chapters are available as an ebook, the hardcopy is apparently due later this summer, and an autographed edition will be at DEF CON.


IoT Liability


When safety and security become one
What happens when your car starts getting monthly upgrades like your phone and your laptop? It’s starting to happen, and the changes will be profound. We’ll be able to improve car safety as we learn from accidents, and fixing a flaw won’t mean spending billions on a recall. But if you’re writing navigation code today that will go in the 2020 Landrover, how will you be able to ship safety and security patches in 2030? In 2040? In 2050? At present we struggle to keep software patched for three years; we have no idea how to do it for 30. Our latest paper reports a project that Éireann Leverett, Richard Clayton and I undertook for the European Commission into what happens to safety in this brave new world. Europe is the world’s lead safety regulator for about a dozen industry sectors, of which we studied three: road transport, medical devices and the electricity industry.[…]

https://www.lightbluetouchpaper.org/2017/06/01/when-safety-and-security-become-one/

http://www.cl.cam.ac.uk/~rja14/Papers/weis2017.pdf


Aditya Gupta: Firmware Analysis for IoT Devices

Firmware Analysis for IoT Devices

Aditya Gupta

This is the second blog related to IoT Exploitation and Penetration Testing. In this blog we are going to have a look at a key component in an IoT device architecture – firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of as the actual code that runs on an IoT or embedded device. For this post, we will start by looking at various ways to extract the file system from firmware, and then move into going deeper into analysing binaries for vulnerabilities. The most common architectures for IoT devices are ARM and MIPS, which is also something we will cover later in this series. Before starting to dig deep into the firmware, we will have a look at the components and related aspects, such as file system types, compression, encryption, and the bootloader.[…]

https://www.peerlyst.com/posts/firmware-analysis-for-iot-devices-aditya-gupta
