libredfish is a new Rust-based Redfish library. Not to be confused by the libredfish library in C by the DMTF.
https://github.com/cholcombe973/libredfish
https://github.com/DMTF/libredfish
Author: hucktech
LiveCloudKd: VM memory forensics tool
https://twitter.com/msuiche/status/1074217301602254849
LiveCloudKd was the first utility to focus on Virtual Machine introspection for memory forensics purposes, it was released in 2010 after some initial research on Hyper-V v1.
Eurocom GdrSecInfo computer security workshop: presentations online
Presentations:
An honest look at the state of enterprise security
The need for Hardware roots of trust
Understanding Linux Malware
Security and privacy issues in avionics communications
Formal methods: from source-level safety to binary-level security
BinCAT: purrfecting binary static analysis
https://gdr-securite-ssl.loria.fr/pmwiki.php/SSL/Sophia21112018
Kous-OS: a CP/M-like OS that runs on UEFI and runs on X86-64
A new UEFI-centric project. I wish I had time this month to look at what this is, the docs hint at Java being used? and there is Rust code. Via Google Translate:
It is a CP / M-like OS that runs on UEFI and runs on X86-64 architecture.
This program group starts with UEFI and forms an OS that runs on the X86-64 architecture.
https://github.com/kousoz80/Kous-OS
IDC_Importer: A Binary Ninja plugin for importing IDC database dumps from IDA Pro
IDC Importer (Plugin)
Author: SpecterDev
Allows users to import idc database dumps from IDA into Binary Ninja. Making the switch from IDA to Binary Ninja but need your function names and symbols to carry over? This plugin will take an IDC file and automatically import the functions, strings, and comments.
What is Keystone and it’s first open-source release?
Re: https://firmwaresecurity.com/2018/11/12/keystone-open-source-secure-hardware-enclave/
There is a new document on their site, with more info on this project.
https://keystone-enclave.org/2018/12/13/what-is-keystone.html
tools to create UEFI USB boot drives
Regarding tools/scripts to generate a UEFI USB thumbdrive boot disk, there’s:
1) Rufus (a native GUI app for Windows), which has been around for years.
2) USB_UEFI_Shell, a Unix script, came out two weeks ago.
https://github.com/skyskyshinysky/usb_uefi_shell
3) WinInst-UEFI-USB is a macOS script that generates a Windows-centric drive, and this was initially released yesterday.
https://github.com/core-process/wininst-uefi-usb
[[I think there are a few other scripts that I’ve blogged about, but forget the project names at the moment, will create a future post when I can extend the list. There’s also the Tianocore/EDK2 script that DUET uses (or rather used, DUET was just deprecated from EDK2); I think Cloverboot has variations of that script. I guess I should also create a list of documentation that describes how to do this in the future as well. The CHIPSEC user documentation’s UEFI install instructions are one example app that includes this. There’re about a dozen other documents…]]
rust-guide: Guide to develop secure applications with Rust
The object of this document is to provide hints and recommendations for secure applications development using the Rust programming language. It is not intended to be a course on how to write Rust programs, there are already plenty of good learning resources for this purpose (see the External references section below). The purpose is rather to guide the programmer and to inform him about certain pitfalls, especially in case he is involved in the development of applications with strong security requirements. These recommendations form a complement to the good level of trust the Rust language already provides. That said, recalls are sometimes necessary for clarity, and the experienced Rust programmer may rely solely on Recommendation or Warning inserts.
Rootkits and Bootkits: all chapters now available in Early Access (~600 p)
Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
April 2019 (estimated), 504 pp.
ISBN-13: 9781593277161
PS: While you’re ordering this at NoStarch.com, note:
ZeroNights 2018: videos uploaded
Onur Mutlu: Rowhammer and Beyond
flare-emu: IDA Pro + Unicorn Engine
flare-emu marries IDA Pro’s binary analysis capabilities with Unicorn’s emulation framework to provide the user with an easy to use and flexible interface for scripting emulation tasks. It is designed to handle all the housekeeping of setting up a flexible and robust emulator for its supported architectures so that you can focus on solving your code analysis problems. Currently, flare-emu supports the x86, x86_64, ARM, and ARM64 architectures.[…]
Embedi: NUClear explotion
https://twitter.com/_embedi_/status/1072876745383124992
It is widely known, that UEFI BIOS security aims at preventing the SPI flash memory tampering in the first place. […] Let’s see how such an update process is implemented in our well-known rolling stone Intel NUC Kit NUC7i3BNH. As we can see from the CHIPSEC framework output below, all the mentioned protections are enabled. […]
https://embedi.org/blog/nuclear-explotion/
binaryanalysis-ng: Binary Analysis Next Generation (BANG): framework for checking firmware
Binary Analysis Next Generation (BANG) is a framework for unpacking files (like firmware) recursively and running checks on the unpacked files. Its intended use is to be able to find out the provenance of the unpacked files and classify/label files, making them available for further analysis.
Intel to open-source FSP??
https://www.phoronix.com/scan.php?page=news_item&px=Intel-Open-Source-FSP-Likely
Please leave a Comment on this post if you have more info, other than above.
Intel releases 5 new security advisories
Intel® QuickAssist Technology for Linux Advisory
INTEL-SA-00211
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00211.html
Intel® System Defense Utility Vulnerability Advisory
INTEL-SA-00209
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00209.html
Intel® Parallel Studio Vulnerability Advisory
INTEL-SA-00208
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00208.html
Intel® Solid State Drive Toolbox File Permissions Advisory
INTEL-SA-00205
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00205.html
Intel® VTune Amplifier 2018 Update 3 Advisoy
INTEL-SA-00194
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00194.html
1BitSquared’s iCEBreaker FPGA: open source iCE40 FPGA dev board
FreeBSD 12.0 released
https://twitter.com/FreeBSD_RE/status/1072564698938261505
Highlights — from my perspective — include:
* The bsdinstall(8) utility now supports UEFI+GELI as an installation option.
* The bhyve(8) utility is now able to be run withing a jail(8).
https://lists.freebsd.org/pipermail/freebsd-announce/2018-December/001856.html
https://www.freebsd.org/releases/12.0R/relnotes.html
PS: There’re a few days left to purchase a FreeBSD 25th Anniversary t-shirt:
https://www.customink.com/fundraising/freebsd25
PSRedfishEventListener: Redfish Event Listener in PowerShell
The Redfish specification supports event mechanism through which the target redfish devices can send events from different components in the system to an event listener. This project provides an event listener that is create in native PowerShell.
https://github.com/rchaganti/PSRedfishEventListener
https://www.powershellmagazine.com/2018/11/13/redfish-event-listener-in-powershell/
Super Hexagon: A Journey from EL0 to S-EL3
Welcome to a journey of AArch64 kernel exploitation, from the least privileged, to the most secure privilege level on the ARMv8 platform. For this year’s HITCON CTF, I played with my academic team, Kernel Sanders. When scanning through the problems, I quickly latched on to the Super Hexagon challenge once I heard it involved ARM exploitation.
https://hernan.de/blog/2018/10/30/super-hexagon-a-journey-from-el0-to-s-el3/
Firmware Security 
You must be logged in to post a comment.