RWEverthing web site, HTTPS cert expired in January

July 16, 2018July 16, 2018 ~ hucktech ~ Leave a comment

RWeverything is a freeware tool, no source available. It includes a Windows kernel driver. CHIPSEC can be configured to trust and use that driver. It has been many years since I’ve trusted third-party freeware where I didn’t know the third-party author or have many other knowledgeable friends who trust them.

According to my system’s browser:

“rweverything.com uses an invalid security certificate. The certificate expired on January 8, 2018, 3:59:59 PM GMT-8. The current time is July 16, 2018, 3:58 PM.”

rowhammer-test: Google tool to test for Rowhammer

July 16, 2018 ~ hucktech ~ Leave a comment

This is a 3-year-old tool, I just noticed. it. 😦

Google has created rowhammer-test to help with Rowhammer detection. Currently it works on Linux and Mac on Intel systems.

https://github.com/google/rowhammer-test

There’s also a mailing list for related discussions.

https://groups.google.com/forum/#!forum/rowhammer-discuss

reminder: July24th: UEFI Forum’s first security webinar

July 16, 2018 ~ hucktech ~ Leave a comment

Michael Krau, Industry Communications Working Group Chair
Eric Johnson, American Megatrends, Inc.
Tim Lewis, Insyde Software
Dick Wilkins, Phoenix Technologies
Vincent Zimmer, Intel

The panelists will outline the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

http://www.uefi.org/node/3877
https://register.gotowebinar.com/register/3708207810278601474
https://www.gotomeeting.com/webinar/join-webinar

HelpNetSecurity reviews Absolute platform

July 16, 2018 ~ hucktech ~ Leave a comment

Berislav Kucan has a new article on the Absolute platform.

Review: The Absolute Platform with Persistence Technology

Review: The Absolute Platform with Persistence Technology

Almost booting an iOS kernel in QEMU

July 16, 2018 ~ hucktech ~ Leave a comment

Almost booting an iOS kernel in QEMU#MobileSecurity #iOSsecurity by @zhuowei https://t.co/Ec8tVZDR9M

— Mobile Security (@mobilesecurity_) July 15, 2018

I tried to boot an iOS 12 kernelcache in QEMU: I managed to get as far as IOKit startup before receiving a kernel panic. I learned a lot about how iOS boots up with this project.[…]

https://worthdoingbadly.com/xnuqemu/

Apple: new/updated T2 chip and Secure Boot support articles

July 16, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/07/12/apple-releases-new-systems-with-t2-chip-and-uefi-secureboot/ and

Apple KB article on Secure Boot

the latter Apple support article on Secure Boot has been updated recently:

About Secure Boot

https://support.apple.com/en-us/HT208330

Mac computers that have the Apple T2 chip

https://support.apple.com/en-us/HT208862

IA32-doc: Intel Manual definitions in C and YAML

July 15, 2018July 15, 2018 ~ hucktech ~ Leave a comment

So, I did this: https://t.co/tc0CErrVjo

If you ever wanted to write your own hypervisor, experiment with SGX, perf. counters, fiddle with CPUID or MSRs, just include this file and you're good to go. https://t.co/49ZzQXcQPW

No more tiring copy-paste-editing from Intel Manual.

— Petr Beneš (@PetrBenes) July 14, 2018

IA32-doc:: put as many definitions from the Intel Manual into machine-processable format (in this case: yaml) as possible.

TODO

? OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
? Add final Reserved field to bitfields
? Possibility to split into multiple .h
?? Add doxygen main page
??? Add AMD
Find what else is missing
Fix 32/64 bitfields for MSR registers
Add possibility for bitfields to have both UINT32/UINT64 members

https://github.com/wbenny/ia32-doc

Symbolic Deobfuscation: From Virtualized Code Back to the Original

July 14, 2018 ~ hucktech ~ Leave a comment

[BLOG] Symbolic Deobfuscation: From Virtualized Code Back to the Original https://t.co/IDmojyQGiO Work presented at DIMWA 2018 by @JonathanSalwan

— quarkslab (@quarkslab) July 12, 2018

This micro blog post introduces our research regarding symbolic deobfuscation of virtualized hash functions in collaboration with the CEA and VERIMAG. Since 2016 we have been playing around symbolic execution and binary deobfuscation in order to (1) test and improve our binary protector (Epona) (2) improve our DSE (Dynamic Symbolic Execution) framework (Triton). Last week we published at DIMVA 2018 a part of this research focusing on attacking virtualization based-software protections and specially when hash functions are virtualized in order to protect integrity checks, identifications etc. For this study we relied on an open-use source protector (Tigress) and provided scripts and results of our attack as well as some solutions of the Tigress challenge.[…]

https://blog.quarkslab.com/symbolic-deobfuscation-from-virtualized-code-back-to-the-original-dimva-2018.html

ElcomSoft: USB Restricted Mode inside out

July 14, 2018 ~ hucktech ~ Leave a comment

V. Katalov, “USB Restricted Mode Inside Out” (via @ElcomSoft blog) https://t.co/nV9dhbW3ZW

— Arrigo Triulzi (@cynicalsecurity) July 13, 2018

USB Restricted Mode Inside Out https://t.co/sVoEHqpDUM

— DFIR Training (@DFIRTraining) July 12, 2018

https://blog.elcomsoft.com/2018/07/usb-restricted-mode-inside-out/

Crowdsupply: MNT Reform: Open Source DIY Laptop for hacking, customization, and privacy

July 14, 2018 ~ hucktech ~ Leave a comment

#ComingSoon to @crowd_supply : MNT Reform – Open Source #DIY Laptop for Hacking, Customization and Privacy https://t.co/igdY7Svwst pic.twitter.com/xJYSpQ9ZGa

— maker.io (@MakerIO) July 13, 2018

https://www.crowdsupply.com/mnt/reform

Mitigating Spectre with Site Isolation in Chrome

July 14, 2018July 14, 2018 ~ hucktech ~ Leave a comment

https://t.co/HOFGjNiZf1

— Shawn C – citypw@ioc.exchange (@citypw) July 14, 2018

https://security.googleblog.com/2018/07/mitigating-spectre-with-site-isolation.html

IfrViewer and DumpHii

July 14, 2018 ~ hucktech ~ Leave a comment

https://github.com/topeterk/DumpHii
UEFI EDKII Shell command that stores all available Hii packages (DumpHii)

https://github.com/topeterk/IfrViewer

Viewer for IFR structures

UEFIrand: Entropy visualization example using RDRAND

July 14, 2018 ~ hucktech ~ Leave a comment

UEFI application. Entropy visualization example. Use RDRAND instruction.

https://github.com/manusov/UEFIrand

Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms

July 14, 2018 ~ hucktech ~ 1 Comment

Malicious software, a threat users face on a daily basis, have evolved from simple bankers based on social engineering to advanced persistent threats. Recent research and discoveries reveal that malware developers have been using a wide range of anti-analysis and evasion techniques, in-memory attacks, and system subversion, including BIOS and hypervisors. In addition, code-reuse attacks like Returned Oriented Programming emerge as highly potential remote code execution threats. To counteract the broadness of malicious codes, distinct techniques and tools have been proposed, such as transparent malware tracers, system-wide debuggers, live forensics tools, and isolated execution rings. In this work, we present a survey on state-of-the-art techniques that detect, mitigate, and analyze the aforementioned attacks. We show approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings (e.g., Software Guard eXtensions), as well as others based on external hardware. We also discuss upcoming threats based on the very same technologies used for defense. Our main goal is to provide the reader with a broader, more comprehensive understanding of recently surfaced tools and techniques aiming at binary analysis for modern platforms.

https://dl.acm.org/citation.cfm?id=3199673

Yubikey Linux FDE UEFI Secure Boot tutorial

July 13, 2018 ~ hucktech ~ Leave a comment

YubiKey Full Disk Encryption

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI, using Arch Linux.

This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA) via YubiKey. It contains:

+ YubiKey encrypted root (/) and home (/home) folder on separated partitions
+ Encrypted /boot partition
+ UEFI Secure boot (self signed boot loader)

https://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi

https://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/

Microsoft Surface Pro 2 TPM firmware update issues

July 13, 2018 ~ hucktech ~ Leave a comment

Win10 Defender running on Surface Pro 2 says the TPM chip needs a firmware update. Microsoft hasn't shipped one — and hasn't committed to shipping one. Should security-conscious/BitLocker folks with four-year-old SP2 machines just dump them? https://t.co/hTScI85zbc

— Ask Woody https://infosec.exchange/@askwoody (@AskWoody) July 13, 2018

https://www.computerworld.com/article/3289630/microsoft-windows/surface-pro-2-owners-wonder-will-microsoft-ship-tpm-firmware-that-works.html

Tianocore Security Advisories page updated

July 13, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

at least one of these recent Intel bugs should also be in the Tianocore Security Advisories list, and at least one of them was just added to it:

https://legacy.gitbook.com/book/edk2-docs/security-advisory/details

eg:

https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html

Pentecost UEFI: we estimate the security of UEFI firmware with CHIPSEC

July 12, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/yeggorv/status/1016438496641216513

https://xakep.ru/2018/07/09/uefi-pentest/

https://translate.google.com/translate?hl=en&sl=ru&u=https://xakep.ru/2018/07/09/uefi-pentest/

CopperheadOS: continuing with new team

July 12, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/06/04/copperheados-company-problems/ and https://firmwaresecurity.com/2018/06/21/canebrakeos-based-on-copperheados/

it looks like CopperheadOS is continuing:

#CopperheadOS will be:

1) Continuing with contingency plans for our customers. No more SPOF.

2) Keeping our original licensing – free for personal use, non-commercial requires licensing agreement

3) Source code will be available on Github soon, though we may move platforms.

— CopperheadOS (@CopperheadOS) July 11, 2018

Copperhead's new team have successfully patched all builds with July's update and will be providing them to our customers shortly.

— CopperheadOS (@CopperheadOS) July 11, 2018

This is unequivocally false. #CopperheadOS will be continuing with proper contingency plans for our customers. https://t.co/i0WWhjIXQG

— CopperheadOS (@CopperheadOS) July 11, 2018

#CopperheadOS source code will be added back on Github in due time. We have some house cleaning to do.

— CopperheadOS (@CopperheadOS) July 11, 2018

https://copperhead.co/android/

https://github.com/copperheados

ARM Research Summit

July 12, 2018 ~ hucktech ~ Leave a comment

Register now for Arm Research Summit to hear all about activities within Arm research and our academic ecosystem. https://t.co/wTgRKKC4zo https://t.co/nWtIWbvmSM

— Eric Van Hensbergen (@_ericvh) July 12, 2018

The third-annual Arm Research Summit – an academic summit to discuss future trends and disruptive technologies across all sectors of computing – will be returning to Cambridge, UK on 17-19 September 2018.

https://www.arm.com/company/events/research-summit

https://eu.eventscloud.com/ehome/index.php?eventid=200174782&tabid=200415056