rust-guide: Guide to develop secure applications with Rust

The object of this document is to provide hints and recommendations for secure applications development using the Rust programming language. It is not intended to be a course on how to write Rust programs, there are already plenty of good learning resources for this purpose (see the External references section below). The purpose is rather to guide the programmer and to inform him about certain pitfalls, especially in case he is involved in the development of applications with strong security requirements. These recommendations form a complement to the good level of trust the Rust language already provides. That said, recalls are sometimes necessary for clarity, and the experienced Rust programmer may rely solely on Recommendation or Warning inserts.

https://github.com/ANSSI-FR/rust-guide

Rootkits and Bootkits: all chapters now available in Early Access (~600 p)

Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
April 2019 (estimated), 504 pp.
ISBN-13:  9781593277161

https://nostarch.com/rootkits

PS: While you’re ordering this at NoStarch.com, note:

Onur Mutlu: Rowhammer and Beyond

http://people.inf.ethz.ch/omutlu/pub/onur-Rowhammer-MSR-Faculty-Summit-talk-August-2-2018-short-final.pdf

flare-emu: IDA Pro + Unicorn Engine

flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported architectures so that you can focus on solving your code analysis problems. Currently, flare-emu supports the x86, x86_64, ARM, and ARM64 architectures.[…]

https://github.com/fireeye/flare-emu

Embedi: NUClear explotion

It is widely known, that UEFI BIOS security aims at preventing the SPI flash memory tampering in the first place. […] Let’s see how such an update process is implemented in our well-known rolling stone Intel NUC Kit NUC7i3BNH. As we can see from the CHIPSEC framework output below, all the mentioned protections are enabled. […]

https://embedi.org/blog/nuclear-explotion/

binaryanalysis-ng: Binary Analysis Next Generation (BANG): framework for checking firmware

Binary Analysis Next Generation (BANG) is a framework for unpacking files (like firmware) recursively and running checks on the unpacked files. Its intended use is to be able to find out the provenance of the unpacked files and classify/label files, making them available for further analysis.

https://github.com/armijnhemel/binaryanalysis-ng

Intel to open-source FSP??

https://www.phoronix.com/scan.php?page=news_item&px=Intel-Open-Source-FSP-Likely

Please leave a Comment on this post if you have more info, other than above.

https://github.com/IntelFsp/FSP

https://firmware.intel.com/learn/fsp/about-intel-fsp

Intel releases 5 new security advisories

Intel® QuickAssist Technology for Linux Advisory
INTEL-SA-00211
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00211.html

Intel® System Defense Utility Vulnerability Advisory
INTEL-SA-00209
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00209.html

Intel® Parallel Studio Vulnerability Advisory
INTEL-SA-00208
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00208.html

Intel® Solid State Drive Toolbox File Permissions Advisory
INTEL-SA-00205
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00205.html

Intel® VTune Amplifier 2018 Update 3 Advisoy
INTEL-SA-00194
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00194.html

1BitSquared’s iCEBreaker FPGA: open source iCE40 FPGA dev board

https://www.crowdsupply.com/1bitsquared/icebreaker-fpga

https://github.com/icebreaker-fpga

http://icebreaker-fpga.com/

FreeBSD 12.0 released

Highlights — from my perspective — include:

* The bsdinstall(8) utility now supports UEFI+GELI as an installation option.
* The bhyve(8) utility is now able to be run withing a jail(8).

https://lists.freebsd.org/pipermail/freebsd-announce/2018-December/001856.html

https://www.freebsd.org/releases/12.0R/relnotes.html

PS: There’re a few days left to purchase a FreeBSD 25th Anniversary t-shirt:

https://www.customink.com/fundraising/freebsd25

Celebrate 25 Years of FreeBSD and Support the Project Fundraiser - unisex shirt design - front

 

PSRedfishEventListener: Redfish Event Listener in PowerShell

The Redfish specification supports event mechanism through which the target redfish devices can send events from different components in the system to an event listener. This project provides an event listener that is create in native PowerShell.

https://github.com/rchaganti/PSRedfishEventListener

https://www.powershellmagazine.com/2018/11/13/redfish-event-listener-in-powershell/

https://psredfishlistener.readthedocs.io/en/latest/

Super Hexagon: A Journey from EL0 to S-EL3

Welcome to a journey of AArch64 kernel exploitation, from the least privileged, to the most secure privilege level on the ARMv8 platform. For this year’s HITCON CTF, I played with my academic team, Kernel Sanders. When scanning through the problems, I quickly latched on to the Super Hexagon challenge once I heard it involved ARM exploitation.

https://hernan.de/blog/2018/10/30/super-hexagon-a-journey-from-el0-to-s-el3/

Lecture: Modchips of the State: Hardware implants in the supply-chain

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

We don’t know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of details of the describe implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9597.html

35c3 Chaos West : 9 out of 10 x86_64 firmware vendors will hate this talk!

9 out of 10 x86_64 firmware vendors will hate this talk!

We’ll give a short introduction what you might find in your machines firmware and tell the story of two hackers that magically found tens of thousands x86_64 firmware images in their backyard as well as their journey to explore common configuration fuckups, update frequencies and potential security risks.

https://fahrplan.chaos-west.de/35c3chaoswest/talk/7ZSFL9/

https://fahrplan.chaos-west.de/35c3chaoswest/talk/

(Let’s hope the publish this repository of images….)

Drill Apple Core: Up and Down – Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit

https://www.blackhat.com/eu-18/briefings/schedule/index.html#drill-apple-core-up-and-down—fuzz-apple-core-component-in-kernel-and-user-mode-for-fun-and-profit-12923

http://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-Wu-Drill-Apple-Core.pdf

VmcsAuditor – A Bochs-Based Hypervisor Layout Checker

https://rayanfam.com/topics/vmcsauditor-a-bochs-based-hypervisor-layout-checker/

https://github.com/SinaKarvandi/VMCS-Auditor

VMCS Auditor