Detecting Evil Maid attacks with PowerShell

April 26, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/04/25/donotdisturb-detect-evil-maid-attacks/

the above solution was a Mac-centric solution. Here’s a Microsoft-centric solution, using Powershell:

Detecting Evil Maid attacks with PowerShell 🙂 https://t.co/EB5ENq68HZ pic.twitter.com/DmxxiONH1v

— Lee Holmes (@Lee_Holmes) April 25, 2018

https://pastebin.com/hAEHibHf

Grab this version before the Visual Studio or Azure teams ties the code to their products. 🙂

US CERT update on Spectre/Meltdown

April 26, 2018 ~ hucktech ~ Leave a comment

ICS-CERT issued updated alert ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update G) to the ICS-CERT website – https://t.co/8AvQW0angx

— ICS-CERT (@ICSCERT) April 26, 2018

This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update F) that was published March 1, 2018, on the NCCIC/ICS-CERT website.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01

Intel SGX hardening patent, by Intel

April 26, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/vpikhur/status/989561250609709057

PATENT ALERT. Engineers not wanting to be tainted by external patent info should not read this post. It is only the title/abstract of the patent, however.

.
.
.
.
.
.
.

Inventor: Volodymyr Pikhur, Atul A. Khare
Current Assignee: Intel Corp
Priority date: 2016-09-07

Non-enclave access prevention

A processing system includes an execution unit comprising a logic circuit to implement an architecturally-protected execution environment associated with a protected region in a memory, in which the execution unit is to execute application code stored in the protected region as a thread running in the architecturally-protected execution environment, determine that an access mode flag is set to a first value, detect an attempt by the thread to access data stored outside the protected region, and responsive to detecting the attempt and determining that the access mode flag is set to the first value, generate an exception.

https://patents.google.com/patent/US20180067873A1

IOActive: HooToo TripMate Routers are Cute But Insecure

April 26, 2018 ~ hucktech ~ Leave a comment

Check out a new blog post from Tao Sauvage "HooToo TripMate Routers Are Cute But Insecure" for the 411 on the vulnerabilities found. https://t.co/FzOs8vztyR … #cybersecurity #ioactive

— IOActive, Inc (@IOActive) April 23, 2018

Monday, April 23, 2018
HooToo TripMate Routers are Cute But Insecure
By Tao Sauvage

[…] While HooToo TripMate routers are cute, they are also extremely insecure. Multiple memory corruptions, multiple OS command injections, arbitrary file upload, and arbitrary firmware update: all of them unauthenticated.[…]

http://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html

Click to access HooToo_Security_Advisory_FINAL_4.19.18.pdf

https://www.hootoo.com/hootoo-tripmate-ht-tm05-wireless-router.html

DMTF Redfish becomes ISO/IEC 30115:2018 Redfish

April 26, 2018 ~ hucktech ~ Leave a comment

DMTF announces adoption of Redfish by ISO and IEC. Learn more: https://t.co/PbEeNAFRHG

— DMTF (@DMTF) April 26, 2018

https://www.dmtf.org/content/dmtf-announces-adoption-redfish-iso-and-iec

ISO/IEC 30115:2018: The Redfish Scalable Platforms Management API (“Redfish”) is a new specification that uses RESTful interface semantics to access data defined in model format to perform out-of-band systems management. It is suitable for a wide range of servers, from stand-alone servers to rack mount and bladed environments but scales equally well for large scale cloud environments. There are several out-of-band systems management standards (defacto and de jour) available in the industry. They all either vary widely in implementation, were developed for single server embedded environments or have their roots in antiquated software modeling constructs. There is no single industry standard that is simple to use, based on emerging programming standards, embedded friendly and capable of meeting large scale data center & cloud needs.

https://www.iso.org/standard/53235.html

NVidia update for CVE-2018-6242

April 26, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/04/26/cve-2018-6242-shofel2-and-fusee-gelee/

Advisories for bunch of issues in NVIDIA Tegra Recovery Mode (RCM) is up. New Tegra SOC's such as Xavier are not affected! https://t.co/iJp5nwqwFm

— Alex Matrosov (@matrosov) April 26, 2018

http://nvidia.custhelp.com/app/answers/detail/a_id/4660

HP iLO ransomware?

April 26, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/M_Shahpasandi/status/989157283799162880

After a test, it's the login banner. The credentials might have been bruteforced after retrieving the password hash via IPMI. pic.twitter.com/I97X7tXm6P

— F4b (@0xf4b) April 26, 2018

https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/

Purism pulls FSP blog post

April 26, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/04/03/intel-fsp-reverse-engineering-finding-the-real-entry-point/

“2018-04-23 update: after receiving a courtesy request from Intel’s Director of Software Infrastructure, we have decided to remove this post’s technical contents while we investigate our options.” #firmware #security #freedom #coreboot https://t.co/23wnXI9lQl

— 3mdeb (@3mdeb_com) April 26, 2018

https://puri.sm/posts/intel-fsp-reverse-engineering-finding-the-real-entry-point/

2018-04-23 update: after receiving a courtesy request from Intel’s Director of Software Infrastructure, we have decided to remove this post’s technical contents while we investigate our options.

CVE-2018-6242: ShofEL2 and Fusée Gelée

April 26, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/04/24/shofel2-a-tegra-x1-and-nintendo-switch-exploit/

Note the CVE creation date, in case anyone doubted our disclosure timeline. And don't even *think* about trying to give the bug itself a cutesy name. We have enough of those already 😉

— fail0verflow (@fail0verflow) April 25, 2018

The Tegra X1 flaw that both ShofEL2 and Fusée Gelée exploit now has a name: CVE-2018-6242. https://t.co/4VAd7TUxhd https://t.co/KWUKQPjrxQ

— fail0verflow (@fail0verflow) April 25, 2018

https://www.nvidia.com/en-us/product-security/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6242

OffensiveCon18 – Alex Ionescu – Advancing the State of UEFI Bootkits

April 25, 2018 ~ hucktech ~ Leave a comment

Published another talk from OffensiveCon 2018:
Advancing the State of UEFI Bootkits by @aionescu https://t.co/wp499aMvxj

— offensivecon (@offensive_con) April 25, 2018

DoNotDisturb: Detect Evil Maid Attacks

April 25, 2018 ~ hucktech ~ 2 Comments

1️⃣ Go on Tinder date in Moscow 🇷🇺
2️⃣ Realize date works for Russian govt (MFA) 😅
3️⃣ Create app to detect 'Evil Maid' attacks…like, while out on a date 🛡️

"Do Not Disturb" #free https://t.co/R6IKMaCGUx

kudos to venerable @thegrugq for 'lid open' trigger idea! 🙏

— Patrick Wardle (@patrickwardle) April 24, 2018

https://github.com/objective-see/DoNotDisturb

https://objective-see.com/products/dnd.html

AMD updates “boot kit” :-)

April 25, 2018 ~ hucktech ~ Leave a comment

AMD tech support can lend some a processor to get around a problem, aka a “Boot Kit”. They have recently updated this procedure:

Unable to Boot New Desktop System Configured with AMD 2nd Generation Ryzen™ Desktop Processor, and AMD Socket AM4 Motherboard
Article Number: PA-100

This document provides information on how to resolve a specific boot issue that may be experienced with some 2nd Generation Ryzen Desktop Processors when installed on an AMD Socket AM4 motherboard.[…]

https://support.amd.com/en-us/kb-articles/Pages/2Gen-Ryzen-AM4-System-Bootup.aspx

ShofEL2, a Tegra X1 and Nintendo Switch exploit

April 24, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/04/23/shofel2-responsible-disclosure-window-ends-april-25th/

https://twitter.com/coreboot_org/status/988673576785137670

https://fail0verflow.com/blog/2018/shofel2/

Coreboot and Linux on the Switch. Holy smokes! @coreboot_org

— David (@Liimero) April 23, 2018

Spoofing Cell Networks with a USB to VGA Adapter

April 24, 2018 ~ hucktech ~ Leave a comment

In Aviation no one seems to be loosing sleep on this…(?) People seem confident that technology like RAIM will prevent spoofing. Yet, it has only been designed to detect _accidental_ signal inconsistencies, not purposely-injected ones.@AndreaBarisani ? https://t.co/ODz1fS9c31

— Joanna Rutkowska (@rootkovska) April 24, 2018

With a cheap VGA adapter, you can now spoof GPS and cell networks. https://t.co/iSI4zLe5Jl

— hackaday (@hackaday) April 23, 2018

Spoofing Cell Networks with a USB to VGA Adapter

A Survey of Techniques for Improving Security of GPUs

April 24, 2018 ~ hucktech ~ Leave a comment

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest `link’ in the security `chain’. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures.

https://arxiv.org/abs/1804.00114

ShofEL2 responsible disclosure window ends April 25th

April 23, 2018 ~ hucktech ~ 1 Comment

Re: https://firmwaresecurity.com/2018/02/19/nintendos-new-kde-linux-tablet/ and https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/

Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u

— fail0verflow (@fail0verflow) April 23, 2018

And for those who don't want to wait or want a more cost-effective solution, we're also introducing a lite version of SwitchX. Available at your local hardware store TODAY. pic.twitter.com/BlPMmqLGlw

— fail0verflow (@fail0verflow) April 23, 2018

Jokes aside, we have a 90-day responsible disclosure window for ShofEL2 ending on April 25th. Since another person published the bug so close to our declared deadline, we're going to wait things out. Stay tuned.

— fail0verflow (@fail0verflow) April 23, 2018

Red Hat: automating Secure Boot testing

April 23, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/04/11/efi-ci-red-hat-teams-build-ci-for-efi-related-tools/
and https://github.com/rhboot/efi-ci

There’s a video of the FOSDEM’18 presentation on this topic:

https://fosdem.org/2018/schedule/event/hwenablement_automating_secure_boot_testing/

Patrick Georgi on UEFI memory mapping

April 23, 2018 ~ hucktech ~ Leave a comment

Patrick of Coreboot has a blog post on UEFI!

UEFI memory mapping https://t.co/EiFm9kxtAD

— Nicolas Krassas (@Dinosn) April 18, 2018

UEFI memory mapping

Recently I got into UEFI (TianoCore) development. One of UEFI’s properties is that a part of it survives the OS load and remains resident to provide a limited set of firmware services to the OS.[…]

UEFI memory mapping

See-also:

https://blogs.coreboot.org/blog/author/patrickgeorgi/

GetSecureBootPolicy.ps1: Partially-completed Secure Boot policy parser

April 21, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/03/31/geoff-chappell-secure-boot-internals/

https://twitter.com/mattifestation/status/987393518803927042

https://twitter.com/mattifestation/status/987394786029068288

https://github.com/mattifestation/BCD

Click on above URL or remove spaces in below URL (WordPress mangles Github Gist URLs…)

https://gist. github.com/mattifestation /f1e160bc970c8a7b82355d7e5946901b

Given enough machines, you too may find a processor bug

April 20, 2018 ~ hucktech ~ Leave a comment

[…]Basically, multi-CPU machines are the norm now. You might have multiple packages on the board, which is to say actual distinct chips in sockets. Each one of those might have have multiple cores on board, and each core might have multiple threads (as in hyperthreading). Odds are, if you really have found a “CPU bug”, it will be limited to that core. How do you verify this? Easy: use something like ‘taskset’.[…]

https://rachelbythebay.com/w/2018/04/18/cpu/