Uncategorized

U-Root: firmware solution written in Go

From 2015, something I missed because I didn’t know Go then. ;-(

U-root: A Go-based, Firmware Embeddable Root File System with On-demand Compilation
Ronald G. Minnich, Google; Andrey Mirtchovski, Cisco

U-root is an embeddable root file system intended to be placed in a FLASH device as part of the firmware image, along with a Linux kernel. The program source code is installed in the root file system contained in the firmware FLASH part and compiled on demand. All the u-root utilities, roughly corresponding to standard Unix utilities, are written in Go, a modern, type-safe language with garbage collection and language-level support for concurrency and inter-process communication. Unlike most embedded root file systems, which consist largely of binaries, U-root has only five: an init program and 4 Go compiler binaries. When a program is first run, it and any not-yet-built packages it uses are compiled to a RAM-based file system. The first invocation of a program takes a fraction of a second, as it is compiled. Packages are only compiled once, so the slowest build is always the first one, on boot, which takes about 3 seconds. Subsequent invocations are very fast, usually a millisecond or so. U-root blurs the line between script-based distros such as Perl Linux and binary-based distros such as BusyBox; it has the flexibility of Perl Linux and the performance of BusyBox. Scripts and builtins are written in Go, not a shell scripting language. U-root is a new way to package and distribute file systems for embedded systems, and the use of Go promises a dramatic improvement in their security.

Video and audio on first URL.

https://www.usenix.org/conference/atc15/technical-session/presentation/minnich

https://github.com/u-root/u-root

http://u-root.tk/

Standard
Uncategorized

Cisco adds Redfish support

Ken Spear has a new post on the Cisco blog about Redfish support, and there’s some code on Github related to the post:

Cisco Supports Redfish Standard: API Enhances UCS Programmability

Cisco has added Redfish™ support to IMC to extend our unified and open API to manage server components and to help customers integrate solutions within their existing tool chains. […]

http://blogs.cisco.com/datacenter/cisco-supports-redfish-standard-api-enhances-ucs-programmability

https://github.com/CiscoUcs/imcsdk

https://communities.cisco.com/docs/DOC-69991

Standard
Uncategorized

MBRFilter: MBR security for Windows

Lucian Constantin has an article about a new MBR-based Windows-centric tool created by Cisco’s Talos. From his article on CSO Online:

[…]Cisco’s Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. threat intelligence The tool, called MBRFilter, functions as a signed system driver and puts the disk’s sector 0 into a read-only state. It is available for both 32-bit and 64-bit Windows versions and its source code has been published on GitHub. The master boot record (MBR) consists of executable code that’s stored in the first sector (sector 0) of a hard disk drive and launches the operating system’s boot loader. The MBR also contains information about the disk’s partitions and their file systems. Since the MBR code is executed before the OS itself, it can be abused by malware programs to increase their persistence and gain a head start before antivirus programs. Malware programs that infect the MBR to hide from antivirus programs have historically been known as bootkits — boot-level rootkits. […]

From the project’s readme:

[…]This is a simple disk filter based on Microsoft’s diskperf and classpnp example drivers. The goal of this filter is to prevent writing to Sector 0 on disks. This is useful to prevent malware that overwrites the MBR like Petya. This driver will prevent writes to sector 0 on all drives. This can cause an issue when initializing a new disk in the Disk Management application. Hit  ‘Cancel’ when asks you to write to the MBR/GPT and it should work as expected. Alternatively, if OK was clicked, then quitting and restarting the application will allow partitoning/formatting. […]

http://www.csoonline.com/article/3133115/security/free-tool-protects-pcs-from-master-boot-record-attacks.html

https://github.com/vrtadmin/MBRFilter/releases/tag/1.0

Standard
Uncategorized

Talos creates Intel PT driver

Talos Intel PT Driver
This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows.
Intel Processor Trace is a high performance hardware supported branch tracing mechanism in Intel Skylake architecure.
[…]

https://github.com/talos-vulndev/TalosIntelPtDriver

https://github.com/talos-vulndev/FuzzFlow

http://www.talosintelligence.com/

Standard
Uncategorized

ROPMEMU

ROPMEMU is a framework to analyze, dissect and decompile complex code-reuse attacks. It adopts a set of different techniques to analyze ROP chains and reconstruct their equivalent code in a form that can be analyzed by traditional reverse engineering tools. In particular, it is based on memory forensics (as its input is a physical memory dump), code emulation (to faithfully rebuild the original ROP chain), multi-path execution (to extract the ROP chain payload), CFG recovery (to rebuild the original control flow), and a number of compiler transformations (to simplify the final instructions of the ROP chain). Specifically, the memory forensics part is based on Volatility plugins. The emulation and the multi-path part is implemented through the Unicorn emulator. […]

https://github.com/vrtadmin/ROPMEMU

https://github.com/vrtadmin/ROPMEMU/wiki

Standard
Uncategorized

Using TPMs in embedded systems

Stefan Thom (Microsoft), Steve Hanna (Infineon), and Stacy Cannady (Cisco) have an article in Electronic Design on TPM use in embedded systems. If you are new to TPM, this is a nice introduction.

Standardizing Trust for Embedded Systems

It’s time to get more serious about the lack of security in embedded products. With recently developed standards, it’s implementation just got easier. If you haven’t been concerned about malicious players hacking into your products in the past, or haven’t found success with previous efforts, it’s time for renewed attention and action. Hacking efforts aren’t slowing and, in fact, are on the rise. These days, hackers can accomplish far more than ever before—and the repercussions are far more costly. […]

Full article:
http://electronicdesign.com/embedded/standardizing-trust-embedded-systems

Standard
Uncategorized

Cisco Hardening Guide

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html

See also:

http://www.cisco.com/web/about/security/intelligence/ucs_hardening.html

and:

Best Practices: Device Hardening and Recommendations

Standard