We've just published the video for Bazhaniuk's (@ABazhaniuk talk in #H2HC2017 (Software Attacks on Different Type of System Firmware) – @h2hconference (https://t.co/xsbk7jt4KP)
— Rodrigo Branco (@bsdaemon) June 16, 2018
Tag: Alex Bazhaniuk
Alex speaking at OPCDE
Black Hat: System Firmware Attack and Defense for the Enterprise
A variety of attacks targeting system firmware have been discussed publicly, drawing attention to interaction with system firmware components. This includes operating system loaders, secure boot mechanisms, runtime interfaces, and system management mode (SMM). This training will detail and organize objectives, attack vectors, vulnerabilities, and protection mechanisms in this fascinating environment. The training includes two parts.
1. Present a structured approach to system firmware security analysis and mitigations through lecture and hands-on exercises to test system firmware for vulnerabilities. After the training, students will have basic understanding of platform hardware components, system firmware components, attacks against system firmware, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
2. Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks.
Ekoparty presentation by Eclypsium available
cellular baseband vulnerability for Nissan/Infinity/BMW/Ford
Advisory (ICSA-17-208-01)
Continental AG Infineon S-Gold 2 (PMB 8876)
ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.
Vendor: Continental AG
Equipment: Infineon S-Gold 2 (PMB 8876)
Vulnerabilities: Stack-Based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer
AFFECTED PRODUCTS: All telematics control modules (TCUs) built by Continental AG that contain the S-Gold 2 (PMB 8876) cellular baseband chipset are affected. The S-Gold 2 (PMB 8876) is found in the following vehicles: <see full announcement for list of Nissan, Infinity, BMW, Ford, etc models.>
An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU.
Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk of the Advanced Threat Research Team at McAfee have reported the vulnerabilities.
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01
https://github.com/HackingThings/Publications/tree/master/2017
https://github.com/HackingThings/CAN-Bus-Arduino-Tool
Alex and Yuriy form Eclypsium, Inc.
WOW! I just heard that Alex and Yuriy have left Intel Advanced Threat Research (McAfee) and have started Eclypsium, Inc.
Alex Bazhaniuk is the “Founder and VP of Technology at Eclypsium, Inc.”
Yuriy Bulygin is the “Founder and CEO at Eclypsium, Inc.”
http://www.eclypsium.com/
Twitter: @ABazhaniuk
Twitter: @c7zero/
https://github.com/chipsec/chipsec/blob/master/AUTHORS
Exploring Your System Deeper presentation uploaded
CHIPSEC gets new UEFI Whitelist command
CHIPSEC already has a Blacklist command. Now there is a UEFI whitelist command.
Slides for coreboot/UEFI talk from REcon available
Debian packaging for CHIPSEC
https://github.com/chipsec/chipsec/tree/master/debian
Wow, so now PIP has some competition. 🙂
Intel ATR seeks Intern
If you are a student, the Intel Advanced Threat Research (ATR) team, the team that produces CHIPSEC, is looking for a Summer Intern:
http://jobs.intel.com/ShowJob/Id/819549/Security-Research-Intern/
Firmware Security 