USB Charging Actually Poses Security Risks – Hacking a Laptop via a USB-C Adapter

Smartphones have been charged over USB for many years, but with the advance of USB type-C now even laptops may be charged over USB, instead of the typical DC power barrel jack.[…]

https://www.cnx-software.com/2018/08/14/usb-charging-security-risks/

ChromeBook CampFire?

Everything we know about Campfire, Google’s secretive project to get Windows 10 running on Chromebooks.[…]

https://www.xda-developers.com/chromebooks-chrome-os-windows-10-dual-boot-apple-boot-camp-campfire/

Many Blackhat/DEF CON slides uploaded

Update: there’s also a UEFI one here:

https://github.com/HackingThings/Publications/blob/master/2018/DC26_UEFI_EXPLOITATION_MASSES_FINAL.pdf

https://media.defcon.org/DEF%20CON%2026/

https://www.blackhat.com/us-18/briefings/schedule/index.html

Hmm, I don’t see presentations for BSidesLV yet:

https://www.bsideslv.org/archive/

CheckPoint Research: Scout Debugger

“Scout” is an extendable basic debugger that was designed for use in those cases where there is no built-in debugger / gdb-stub in the debuggee process / firmware. The debugger is intended to be used by security researchers in various scenarios, such as:

Collecting information on the address space of the debuggee – recon phase and exploit development
Exploring functionality of the original executable by accessing and executing selected code snippets
Adding and testing new functionality using custom debugger instructions

We have successfully used “Scout” as a debugger in a Linux Kernel setup and in embedded firmware research, and so we believe that its extendable API could prove handy for other security researchers in their research projects.

https://github.com/CheckPointSW/Scout

AppleSupportPkg: ApfsDriverLoader, AppleLoadImage, AppleDxeImageVerificationLib

ApfsDriverLoader
Open source apfs.efi loader based on Apple’s reverse-engineered ApfsJumpStart driver
Loads apfs.efi from the ApfsContainer located on a block device.
Apfs driver verbose logging suppressed.
Version system: connects each apfs.efi to the device from which it was retrieved
Supports the AppleLoadImage protocol, which provides an EFI binary signature check
WARNING: Please load AppleLoadImage.efi right before ApfsDriverLoader, or just put it inside the drivers64uefi folder of your Clover bootloader

AppleLoadImage
Implementation of the AppleLoadImage protocol discovered in Apple’s ApfsJumpStart driver. This protocol is installed in CoreDxe in Apple’s firmware.
It provides safe EFI binary loading into memory by verifying its signature.
Also gives the ability to use the native ApfsJumpStart driver from Apple firmware
WARNING: ApplePartitionDriver is needed

AppleDxeImageVerificationLib
This library provides Apple’s reverse-engineered crypto signature algorithms.

https://github.com/acidanthera/AppleSupportPkg

FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale

Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace, the exploitation of the classic BIOS boot process is still very much a threat to enterprises around the world. Furthermore, since malware that tampers with the boot process (aka bootkits) executes before the operating system, such compromises often persist even after incident responders think the incident has been remediated. This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.[…]

https://www.fireeye.com/blog/threat-research/2018/08/bios-boots-what-finding-evil-in-boot-code-at-scale.html
