Xeno updates Low Level PC Attack Papers list

Re: https://firmwaresecurity.com/2018/05/30/xeno-updates-low-level-pc-attack-papers-list-2/

Xeno has updated his Timeglider with recent research!

http://timeglider.com/timeline/5ca2daa6078caaf4

Dell seeks Vulnerability Researcher

The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business.

Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware

Developing and maintaining tools to assist in vulnerability research and exploit development

5+ years direct or equivalent experience in areas of vulnerability research, exploit development, reverse engineering and fuzzing

https://jobs.dell.com/job/-/-/375/9088745

Booting the Mac: the kernel and extensions

The whole purpose of the BootROM and EFI phases is to get to load and run the macOS kernel and its extensions, which is what boot.efi, the “OS X booter”, finally does. Although boot.efi doesn’t suddenly vanish, from here on it is very little needed.[…]


CopperheadOS: rebooting

Re: https://firmwaresecurity.com/2018/07/12/copperheados-continuing-with-new-team/

https://github.com/copperheados

There is also a series of tweets giving the current view on open source software ("source-available software"):

a bit more on Intel-SA-00161 (and microcode license update)

Re: https://firmwaresecurity.com/2018/08/23/a-bit-more-on-intel-sa-00161/

Intel updated their document today, and revised their microcode license:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

https://01.org/mcu-path-license-2018

NIST SP 1800-19A: Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure

The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms. This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. This project will result in a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.

https://www.nccoe.nist.gov/projects/building-blocks/trusted-cloud/hybrid

a bit more on Intel-SA-00161

Re: https://firmwaresecurity.com/2018/08/16/more-on-intel-sa-00161-2/

https://www.linode.com/community/questions/17122/how-is-linode-handling-l1tfforeshadow
https://www.kb.cert.org/vuls/id/982149
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_response.htm
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_protectinginstance.htm
https://duo.com/decipher/what-it-needs-to-know-about-foreshadow
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
https://blog.barkly.com/what-is-l1tf-foreshadow-intel-vulnerability-explained
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/foreshadow-l1tf-intel-processor-vulnerabilities-what-you-need-to-know
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

Hypervisor From Scratch – Part 1: Basic Concepts & Configure Testing Environment

Welcome to the first part of a multi-part series of tutorials called “Hypervisor From Scratch”. As the name implies, this course contains technical details to create a basic Virtual Machine based on hardware virtualization. If you follow the course, you’ll be able to create your own virtual environment and you’ll get an understanding of how VMware, VirtualBox, KVM and other virtualization software use processors’ facilities to create a virtual environment.[…]

https://rayanfam.com/topics/hypervisor-from-scratch-part-1/
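Before a hypervisor can execute VMXON it has to confirm that the processor supports VT-x, that firmware has not locked it off, and which VMCS revision identifier and region size the CPU expects. The following is an added example, not code from the "Hypervisor From Scratch" series: it decodes those fields from CPUID and the two relevant MSRs as documented in the Intel SDM (Vol. 3, IA32_FEATURE_CONTROL and IA32_VMX_BASIC). The MSR read path assumes Linux's /dev/cpu/0/msr interface (msr module, root); everything else runs on constructed values so it can be exercised without a VT-x machine.

```c
/* Added example (not from the Hypervisor From Scratch tutorial): decode the
 * capability bits a hypervisor checks before VMXON. Bit positions per Intel SDM:
 *   CPUID.(EAX=1):ECX bit 5          -> VMX supported
 *   IA32_FEATURE_CONTROL (MSR 0x3A)  -> bit 0 lock, bit 2 VMX allowed outside SMX
 *   IA32_VMX_BASIC (MSR 0x480)       -> bits 30:0 VMCS revision id,
 *                                       bits 44:32 VMXON/VMCS region size in bytes
 */
#include <stdint.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_IA32_FEATURE_CONTROL 0x3AU
#define MSR_IA32_VMX_BASIC       0x480U

enum vmxon_state {
    VMXON_BLOCKED_BY_BIOS = 0,  /* locked and VMX-outside-SMX clear: nothing a driver can do */
    VMXON_ALLOWED         = 1,  /* locked and enabled */
    VMXON_NEEDS_ENABLE    = 2   /* unlocked: the kernel may set bits 0 and 2 itself */
};

/* CPUID leaf 1, ECX bit 5 is the VMX feature flag. */
int vmx_supported_from_cpuid(uint32_t ecx)
{
    return (int)((ecx >> 5) & 1U);
}

/* Interpret IA32_FEATURE_CONTROL the way a driver does right before VMXON. */
enum vmxon_state feature_control_state(uint64_t fc)
{
    int lock    = (int)(fc & 1U);
    int outside = (int)((fc >> 2) & 1U);
    if (!lock) return VMXON_NEEDS_ENABLE;
    return outside ? VMXON_ALLOWED : VMXON_BLOCKED_BY_BIOS;
}

/* Revision identifier written to the first 4 bytes of the VMXON region and of every VMCS. */
uint32_t vmx_basic_revision_id(uint64_t vmx_basic)
{
    return (uint32_t)(vmx_basic & 0x7FFFFFFFU);
}

/* Bytes to allocate (page-aligned) for the VMXON region / each VMCS. */
uint32_t vmx_basic_region_size(uint64_t vmx_basic)
{
    return (uint32_t)((vmx_basic >> 32) & 0x1FFFU);
}

/* Assumed interface: read an MSR via Linux /dev/cpu/0/msr. Needs root and the
 * msr module; returns 0 on success. A real hypervisor driver uses rdmsr in ring 0. */
int read_msr_linux(uint32_t msr, uint64_t *out)
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)msr);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void)
{
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
#if defined(__x86_64__) || defined(__i386__)
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        printf("CPUID.1:ECX.VMX[5] = %d\n", vmx_supported_from_cpuid(ecx));
#else
    (void)eax; (void)ebx; (void)ecx; (void)edx;
    puts("not an x86 CPU; CPUID probe skipped");
#endif
    uint64_t fc = 0, basic = 0;
    if (read_msr_linux(MSR_IA32_FEATURE_CONTROL, &fc) != 0 ||
        read_msr_linux(MSR_IA32_VMX_BASIC, &basic) != 0) {
        puts("MSR read unavailable (needs root and /dev/cpu/0/msr); using constructed values");
        fc = 0x5;                          /* constructed: locked + VMX outside SMX */
        basic = 0x00DA040000000004ULL;     /* constructed: revision 4, 1024-byte regions */
    }
    printf("IA32_FEATURE_CONTROL = 0x%llx -> state %d\n",
           (unsigned long long)fc, (int)feature_control_state(fc));
    printf("VMCS revision id = 0x%x, region size = %u bytes\n",
           vmx_basic_revision_id(basic), vmx_basic_region_size(basic));
    return 0;
}
```

The state that matters operationally is VMXON_BLOCKED_BY_BIOS: once firmware sets the lock bit without bit 2, VMXON raises #GP until the next reset, so a driver should report that case rather than retry.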

Bochspwn Reloaded

Bochspwn Reloaded is an instrumentation module for the Bochs IA-32 emulator, similar to the original Bochspwn project from 2013. It performs taint tracking of the kernel address space of the guest operating systems, to detect the disclosure of uninitialized kernel stack/heap memory to user-mode and other data sinks. It helped us identify over 70 bugs in the Windows kernel, and more than 10 lesser bugs in Linux in 2017 and early 2018.

https://github.com/google/bochspwn

https://github.com/google/bochspwn-reloaded
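The README paragraph above describes taint tracking of uninitialized kernel memory with user-mode copies as the sink. The following is an added example, not part of Bochspwn or Bochspwn Reloaded: a small model of that technique over a simulated kernel stack, with a shadow bit per byte that allocation sets and instrumented writes clear, and a copy-to-user sink that reports bytes still tainted. The leaking function uses a struct whose compiler-inserted padding is never written, the classic source of such disclosures; the fixed variant zeroes the object first. All names and the stale byte value 0x41 are this example's own constructions.

```c
/* Added example, not Bochspwn code: shadow-memory model of uninitialized
 * kernel memory detection. 1 in shadow[] = byte never written since its frame
 * was allocated; the copy-to-user sink counts such bytes. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define KSTACK_SIZE 256

static uint8_t kstack[KSTACK_SIZE];   /* simulated kernel stack memory */
static uint8_t shadow[KSTACK_SIZE];   /* taint: 1 = uninitialized */
static size_t  ksp = KSTACK_SIZE;     /* grows down like a real stack */

/* Reset state; fill the stack with a stale marker byte (constructed). */
void kstack_reset(void)
{
    memset(kstack, 0x41, sizeof kstack);
    memset(shadow, 0, sizeof shadow);
    ksp = KSTACK_SIZE;
}

/* Allocate a frame: contents are whatever was there, so every byte is tainted. */
void *kstack_alloc(size_t size)
{
    if (size > ksp) return NULL;
    ksp -= size;
    memset(&shadow[ksp], 1, size);
    return &kstack[ksp];
}

/* Instrumented store: copy data and clear taint for exactly the bytes written. */
void kwrite(void *dst, const void *src, size_t len)
{
    uint8_t *d = dst;
    memcpy(d, src, len);
    memset(&shadow[(size_t)(d - kstack)], 0, len);
}

/* Sink: copy to user space; returns the number of tainted source bytes and
 * the offset of the first one (SIZE_MAX if none). */
size_t copy_to_user_checked(void *user_dst, const void *ksrc, size_t len, size_t *first_bad)
{
    const uint8_t *s = ksrc;
    size_t off = (size_t)(s - kstack), bad = 0;
    *first_bad = SIZE_MAX;
    for (size_t i = 0; i < len; i++) {
        if (shadow[off + i]) {
            if (bad == 0) *first_bad = i;
            bad++;
        }
    }
    memcpy(user_dst, s, len);
    return bad;
}

/* A kernel struct with padding between 'type' and 'value' (7 bytes on 64-bit ABIs). */
struct kinfo {
    uint8_t  type;
    uint64_t value;
};

/* Vulnerable pattern: fields assigned one by one, padding never written. */
size_t leaky_syscall(void *user_out, size_t *first_bad)
{
    struct kinfo *k = kstack_alloc(sizeof *k);
    uint8_t  t = 7;
    uint64_t v = 0x1122334455667788ULL;
    kwrite(&k->type, &t, sizeof t);
    kwrite(&k->value, &v, sizeof v);
    return copy_to_user_checked(user_out, k, sizeof *k, first_bad);
}

/* Fixed pattern: zero the whole object before filling its fields. */
size_t fixed_syscall(void *user_out, size_t *first_bad)
{
    struct kinfo *k = kstack_alloc(sizeof *k);
    uint8_t zero[sizeof *k] = {0};
    uint8_t  t = 7;
    uint64_t v = 0x1122334455667788ULL;
    kwrite(k, zero, sizeof *k);
    kwrite(&k->type, &t, sizeof t);
    kwrite(&k->value, &v, sizeof v);
    return copy_to_user_checked(user_out, k, sizeof *k, first_bad);
}

/* Run one variant on a fresh stack; results exposed for inspection. */
size_t g_first_bad;     /* offset of first tainted byte from the last run */
uint8_t g_leaked_byte;  /* what user space received at offset 1 (padding) */
size_t run_variant(int fixed)
{
    uint8_t out[sizeof(struct kinfo)];
    kstack_reset();
    size_t bad = fixed ? fixed_syscall(out, &g_first_bad) : leaky_syscall(out, &g_first_bad);
    g_leaked_byte = out[1];
    return bad;
}

int main(void)
{
    size_t bad = run_variant(0);
    printf("leaky: %zu uninitialized bytes reached user mode, first at offset %zu, byte 0x%02x\n",
           bad, g_first_bad, g_leaked_byte);
    bad = run_variant(1);
    printf("fixed: %zu uninitialized bytes reached user mode\n", bad);
    return 0;
}
```

The real tool applies the same rule at instruction granularity inside Bochs, which is why it catches padding leaks that a source-level review of "every field is assigned" would miss.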

x41-smartcard-fuzzing and qsym

Two new fuzzing projects: X41's smartcard fuzzer, and qsym, a concolic execution engine built to drive hybrid fuzzing rather than a standalone fuzzer.

https://github.com/x41sec/x41-smartcard-fuzzing

https://github.com/sslab-gatech/qsym/

USBHarpoon Is a BadUSB Attack with A Twist

https://vincentyiu.co.uk/usbharpoon/

http://mg.lol/blog/badusb-cables/

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/