Author: hucktech
efi-devel – UEFI Development Utilities for developers using Meson
This new hello-world UEFI application project is interesting in that it uses Meson to build UEFI binaries.
Two TPM vulnerabilities: CVE-2017-16837 and CVE-2018-6622
coreboot user group in Berlin this Thursday
Intel ME JTAG PoC for INTEL-SA-00086
Vulnerability INTEL-SA-00086 allows JTAG to be activated for the Intel Management Engine core. We developed our JTAG PoC for the Gigabyte Brix GP-BPCE-3350C platform. Although we recommend that would-be researchers use the same platform, other manufacturers’ platforms with the Intel Apollo Lake chipset should support the PoC as well (for TXE version 3.0.1.1107).[…]
https://github.com/ptresearch/IntelTXE-PoC
Spectre & Meltdown vulnerability/mitigation checker for Linux
A shell script to tell whether your system is vulnerable to the several “speculative execution” CVEs that were made public in 2018.
CVE-2017-5753 [bounds check bypass] aka ‘Spectre Variant 1’
CVE-2017-5715 [branch target injection] aka ‘Spectre Variant 2’
CVE-2017-5754 [rogue data cache load] aka ‘Meltdown’ aka ‘Variant 3’
CVE-2018-3640 [rogue system register read] aka ‘Variant 3a’
CVE-2018-3639 [speculative store bypass] aka ‘Variant 4’
CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 [L1 terminal fault] aka ‘Foreshadow & Foreshadow-
https://www.cnx-software.com/2018/08/17/check-spectre-meltdown-l1-terminal-fault-linux/amp/
Booting the Mac: Visual Summary
This article provides a simplified visual summary of the various stages which take place when a modern Intel Mac starts up in macOS 10.12 or 10.13, from pressing the Power button through to running the kernel and its extensions.[…]

What’s stored in Mac NVRAM?
NVRAM stores key settings which your Mac cannot obtain from disk during startup. Variables vary according to the model, version of macOS, and EFI firmware in use. Included among these are the following:[…]
Jon Masters on Spectre, Meltdown, Foreshadow, etc.
Xeno updates Low Level PC Attack Papers list
Re: https://firmwaresecurity.com/2018/05/30/xeno-updates-low-level-pc-attack-papers-list-2/
Xeno has updated his Timeglider with recent research!
Dell seeks Vulnerability Researcher
The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business.
Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware
Developing and maintaining tools to assist in vulnerability research and exploit development
5+ years direct or equivalent experience in areas of vulnerability research, exploit development, reverse engineering and fuzzing
Nothing to see here. The not-so-charger
https://twitter.com/elkentaro/status/1032229182565048322
[…I’m sure many of us already have one of these multi-port usb chargers to charge all our gadgets. So my idea was to create a casing for an RPi that looked like one of those chargers.[…]
mac-white-papers: “Every” OS X/ macOS white paper
Booting the Mac: the kernel and extensions
The whole purpose of the BootROM and EFI phases is to get to load and run the macOS kernel and its extensions, which is what boot.efi, the “OS X booter”, finally does. Although boot.efi doesn’t suddenly vanish, from here on it is very little needed.[…]
CopperheadOS: rebooting
Re: https://firmwaresecurity.com/2018/07/12/copperheados-continuing-with-new-team/
https://github.com/copperheados
There is also a series of tweets showing the current perspective on open source software (“source-available software”):
a bit more on Intel-SA-00161 (and microcode license update)
Re: https://firmwaresecurity.com/2018/08/23/a-bit-more-on-intel-sa-00161/
Intel updated their document today, and revised their microcode license:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
NIST SP 1800-19A: Trusted Cloud: Security Practice Guide for VMWare Hybrid Cloud Infrastructure
The National Cybersecurity Center of Excellence (NCCoE) at NIST recognizes the need to address security and privacy challenges for the use of shared cloud services in hybrid cloud architectures, and has launched this project. This project is using commercially available technologies to develop a cybersecurity reference design that can be implemented to increase security and privacy for cloud workloads on hybrid cloud platforms. This project will demonstrate how the implementation and use of trusted compute pools not only will provide assurance that workloads in the cloud are running on trusted hardware and are in a trusted geolocation, but also will improve the protections for the data within workloads and flowing between workloads. This project will result in a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to implement a cybersecurity reference design that addresses this challenge.
https://www.nccoe.nist.gov/projects/building-blocks/trusted-cloud/hybrid
a bit more on Intel-SA-00161
Re: https://firmwaresecurity.com/2018/08/16/more-on-intel-sa-00161-2/
https://www.linode.com/community/questions/17122/how-is-linode-handling-l1tfforeshadow
https://www.kb.cert.org/vuls/id/982149
https://blogs.oracle.com/oraclesecurity/intel-l1tf
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_response.htm
https://docs.cloud.oracle.com/iaas/Content/Security/Reference/L1TF_protectinginstance.htm
https://duo.com/decipher/what-it-needs-to-know-about-foreshadow
https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
https://blog.barkly.com/what-is-l1tf-foreshadow-intel-vulnerability-explained
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/foreshadow-l1tf-intel-processor-vulnerabilities-what-you-need-to-know
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF
Hypervisor From Scratch – Part 1: Basic Concepts & Configure Testing Environment
Welcome to the first part of a multi-part series of tutorials called “Hypervisor From Scratch”. As the name implies, this course contains technical details to create a basic Virtual Machine based on hardware virtualization. If you follow the course, you’ll be able to create your own virtual environment and you’ll get an understanding of how VMWare, VirtualBox, KVM and other virtualization software use processors’ facilities to create a virtual environment.[…]
https://rayanfam.com/topics/hypervisor-from-scratch-part-1/
OSFC schedule released
The schedule for the Open Source Firmware Conference, happening next month, is now available:
