BlackHat: Behind the scenes of iOS and Mac Security

Ivan Krstić, Head of Apple Security Engineering and Architecture at Apple, will be speaking at BlackHat on the T2 security processor:

[…]We will discuss three iOS and Mac security topics in unprecedented technical detail, offering the first public discussion of several key technologies new to iOS 13 and the Mac.[…]The T2 Security Chip brought powerful secure boot capabilities to the Mac. Comprehensively securing the boot process required protections against sophisticated direct memory access (DMA) attacks at every point, even in the presence of arbitrary Option ROM firmware. We will walk through the boot sequence of a Mac with the T2 Security Chip and explain key attacks and defenses at each step, including two industry-first firmware security technologies that have not been publicly discussed before.[…]

https://www.blackhat.com/us-19/briefings/schedule/#behind-the-scenes-of-ios-and-mac-security-17220

BlackHat 2018 God Mode Unlocked: hardware backdoors in x86 CPUs, released

Re: https://firmwaresecurity.com/2018/08/10/rosenbridge-hardware-backdoors-in-some-x86-cpus/

Blackhat has released the video of this presentation:

 

Eclypsium presentations from Blackhat and DEF CON uploaded

Re: https://firmwaresecurity.com/2018/08/10/eclypsium-remotely-attacking-system-firmware/

https://github.com/HackingThings/Publications/blob/master/2018/DC26_UEFI_EXPLOITATION_MASSES_FINAL.pdf

https://github.com/eclypsium/Publications/blob/master/2018/BlackHat_USA_2018/BH2018_REMOTELY_ATACKING_SYSTEM_FIRMWARE_FINAL.pdf

Microsoft Blackhat speculative execution slides posted

https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2018_08_BlackHatUSA/us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf

Eclypsium: Remotely Attacking System Firmware

At BlackHat, Eclypsium gave a great talk with an overview of platform firmware security threats, focusing on network-based attacks, including poorly-tested OEM firmware update implementations.

https://threatpost.com/update-mechanism-flaws-allow-remote-attacks-on-uefi-firmware/134785/

https://www.blackhat.com/us-18/briefings/schedule/index.html#remotely-attacking-system-firmware-11588

 

Meet Us At Black Hat USA 2018

Management here – we’ll be at Black Hat USA 2018.. next week. If you’ll be there, be sure and stop by our Arsenal Tools Demo Wednesday, August 8 | 2:30pm-3:50pm, Station #5.

https://www.blackhat.com/us-18/arsenal/schedule/index.html#firmware-audit-platform-firmware-security-automation-for-blue-teams-and-dfir-11359

We’ll be around before and after, attending talks and available for meetings. If you think your employer should be doing more platform firmware security, we’d love to talk! Email to set up a meeting:

blackhatusa2018@preossec.com

BlackHat cancels Intel/Eclypsium CHIPEC training

I notice that the Intel/Eclypsium training at Black Hat USA 2018 is no longer listed. Sounds like not enough people signed up?!

AFAIK, the next opportunity to get Eclypsium CHIPSEC training is at REcon (and REcon appears to have cheaper training rates than Blackhat):

https://recon.cx/2018/montreal/training/trainingfirmware.html

There’s also the training materials from older training from Intel ATR/CHIPSEC team, available here:

https://firmwaresecurity.com/2017/05/25/intel-atr-releases-uefi-firmware-training-materials/

 

LegbaCore Summer Tour announced

LegbaCore, one of the main BIOS security research firms around, has updated their web site to include calendar information about their upcoming presentations and training for the Summer and early Fall.

They will be at HITB Singaport giving BIOS training in October. They’ll be speaking at BlackHat/DEFCON on Mac firmware attacks. They’ll be giving “Understanding x86-64 Assembly for Reverse Engineering and Exploits” training at BlackHat USA. They’ll be talking at SummerCon, entitled “How Many Million BIOSes Would You Like to Infect?”. “This talk will detail the result of our 1 month effort to infect the BIOS of every business class system we could get our hands on.”

They’ve also updated their Training resources. They now have *SIX* full days of BIOS/UEFI training!

More Information:

http://gsec.hitb.org/sg2015/sessions/tech-training-6-introductory-bios-smm-attack-defense/
https://www.blackhat.com/us-15/training/understanding-x86-64-assembly-for-reverse-engineering-and-exploits.html
http://www.legbacore.com/News.html

http://www.legbacore.com/Training.html
http://www.summercon.org/presentations.html#bioses