Uncategorized

Alex blogs and updates UEFITool!

Double entry for Alex: he’s got a new blog post on Intel Boot Guard, plus he’s updated UEFITool!

“[…]Today I released a new build of UEFITool with visual validation of Intel Boot Guard coverage. The code pushed to the github repository. A standalone binary of UEFITool can be downloaded here.[…]”

https://github.com/LongSoft/UEFITool

View story at Medium.com

 

Standard
Uncategorized

UEFI Firmware Rootkits: Myths and Reality: video online

https://github.com/REhints/Publications/blob/master/Conferences/BHASIA%202017/BHASIA_2017_final.pdf

https://firmwaresecurity.com/2017/04/02/uefi-firmware-rootkits-myths-and-reality/
https://firmwaresecurity.com/2017/02/09/black-hat-asia-the-uefi-firmware-rootkits-myths-and-reality/

Standard
Uncategorized

Alex at Black Hat: Where the Guardians of the BIOS Are Failing

Black Hat Vegas: Where the Guardians of the BIOS Are Failing
By Alex Matrosov
In our upcoming Black Hat Vegas talk, we will summarize our research about the UEFI firmware protections and our newly-discovered security problems. This talk raises awareness of these security challenges for hardware vendors, BIOS-level security researchers and defenders, and sophisticated stakeholders who want to know the current state of UEFI exposure and threats. The situation is serious but, with the right tools and knowledge, we can prevail.[…]

https://www.blackhat.com/us-17/briefings.html#betraying-the-bios-where-the-guardians-of-the-bios-are-failing

https://www.cylance.com/en_us/blog/black-hat-vegas-where-the-guardians-of-the-bios-are-failing.html

Standard
Uncategorized

Gigabyte UEFI firmware advisory

It must be big if CERT notices a UEFI issue! 🙂

https://www.cylance.com/en_us/blog/uefi-ransomware-full-disclosure-at-black-hat-asia.html

 

Standard
Uncategorized

Rootkits and Bootkits book update

https://www.nostarch.com/rootkits

Table of Contents
Chapter 1: Observing Rootkit Infections
Chapter 2: What’s in a Rootkit: The TDL3 Case Study (NOW AVAILABLE)
Chapter 3: Festi Rootkit: The Most Advanced Spam Bot (NOW AVAILABLE)
Chapter 4: Bootkit Background and History (NOW AVAILABLE)
Chapter 5: Operating System Boot Process Essentials (NOW AVAILABLE)
Chapter 6: Boot Process Security (NOW AVAILABLE)
Chapter 7: Bootkit Infection Techniques (NOW AVAILABLE)
Chapter 8: Static Analysis of a Bootkit Using IDA Pro (NOW AVAILABLE)
Chapter 9: Bootkit Dynamic Analysis: Emulation and Virtualization (NOW AVAILABLE)
Chapter 10: Evolving from MBR to VBR Bootkits: Olmasco (NOW AVAILABLE)
Chapter 11: IPL Bootkits: Rovnix & Carberp (NOW AVAILABLE)
Chapter 12: Gapz: Advanced VBR Infection (NOW AVAILABLE)
Chapter 13: Rise of MBR Ransomware (NOW AVAILABLE)
Chapter 14: UEFI Boot vs. the MBR/VBR Boot Process (NOW AVAILABLE)
Chapter 15: Contemporary UEFI Bootkits
Chapter 16: UEFI Firmware Vulnerabilities
Chapter 17: How Secure Boot Works
Chapter 18: HiddenFsReader: Bootkits Forensic Approaches
Chapter 19: CHIPsec: BIOS/UEFI Forensics

Standard