Uncategorized

Black Hat: System Firmware Attack and Defense for the Enterprise

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to interaction with system firmware components. This includes operating system loaders, secure boot mechanisms, runtime interfaces, and system management mode (SMM). This training will detail and organize objectives, attack vectors, vulnerabilities, and protection mechanisms in this fascinating environment. The training includes two parts.
1. Present a structured approach to system firmware security analysis and mitigations through lecture and hands-on exercises to test system firmware for vulnerabilities. After the training, students will have basic understanding of platform hardware components, system firmware components, attacks against system firmware, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
2. Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks.

https://www.blackhat.com/us-18/training/schedule/index.html#system-firmware-attack-and-defense-for-the-enterprise-9792

 

Standard
Uncategorized

Eclypsium at OPCDE: UEFI BIOS firmware analysis at scale

UEFI BIOS firmware analysis at scale
By Oleksandr Bazhaniuk Chief Technology Officer, Eclypsium

Vulnerabilities in system firmware allow adversaries to bypass almost any protection used in the operating system, virtual machine manager and other software. System firmware attacks bypass Secure Boot, software based full-disk encryption and virtualization-based security. Threats exploiting such vulnerabilities can extract secrets from operating system memory, subvert secure/trusted VMs and even hypervisors, install stealthy and persistent implants and even brick physical systems. We’ve discovered a number of such vulnerabilities in the past and developed an open source framework to automate analysis. Despite these risks there are still many modern systems which do not protect their main BIOS/UEFI firmware. We decided to analyze thousands of UEFI firmware updates from multiple platform vendors and discovered hundreds of vulnerabilities, indicating that corresponding systems lack any basic firmware protections in ROM or signed firmware updates. We’ll present the process, findings and limitations of such offline analysis of vendor firmware update images.

http://www.opcde.com/agenda/

Standard
Uncategorized

Defensive firmware talks in Seattle: SASAG and BSides Seattle

There are two presentations in Seattle area on firmware security in January and February, in case you’re in the area.

1) On January 11th, PreOS Security CEO Paul English speaking on enterprise firmware defensive tools and techniques, for a SysAdmin target audience, at SASAG, the Seattle Area SysAdmin Guild (monthly user group).

SASAG: Firmware Security Defense

Thursday, Jan 11, 2018, 7:00 PM

Brian’s office
1111 3rd Ave #2500, Seattle, WA 98101 Seattle, WA

7 Systems Administrators Attending

Paul English & Lee Fisher of PreOS Security will talk about firmware security. For attackers, platform firmware is the new Software. Most systems include hundreds of firmwares – UEFI or BIOS, PCIe expansion ROMs, USB controller drivers, storage controller host and disk/SSD drivers. Firmware-level hosted malware, bare-metal or virtualized, is nearly…

Check out this Meetup →

 

2) On February 3rd, I’ll be speaking at BSides Seattle, on similar topic, but for a target audience of DFIR/blue teams.

http://www.securitybsides.com/w/page/121128486/BsidesSeattle2018#2018Presentations

Disclaimer: Paul and I both work at PreOS Securty.

http://preossec.com/

 

Standard
Uncategorized

Embedded Linux Japan Technical Jamboree 63 slides/videos uploaded

Status of Embedded Linux, Tim Bird
Review of ELC Europe 2017, Tim Bird
mplementing state-of-the-art U-Boot port, 2017 edition, by Marek Vasut
Linux カーネルのメモリ管理の闇をめぐる戦い(協力者募集中, Tetsuo Handa (NTT Data)
Request for your suggestions: How to Protect Data in eMMC on Embedded Devices, Gou Nakatsuka (Daikin)
Fuego Status and Roadmap, Tim Bird
Multicast Video-Streaming on Embedded Linux environment, Daichi Fukui (TOSHIBA)
From 1 to many Implementing SMP on OpenRISC, Stafford Horne
Core Partitioning Technique on Multicore Linux systems, Kouta Okamoto (TOSHIBA)
Debian + YoctoProject Based Projects: Collaboration Status, Kazuhiro Hayashi (TOSHIBA)

https://elinux.org/Japan_Technical_Jamboree_63#Agenda

See-also: Septemer 2017 Jamboree 62:

Status of Embedded Linux, Tim Bird
EdgeX Foundry: Introduction and demonstration of end to end IoT system, Victor Duan, Linaro
Lighting Talk: Integration between GitLab and Fuego, Tomohito Esaki, IGEL Co., Ltd.
DebConf17 Report, Kazuhiro Hayashi, TOSHIBA
Lightning Talk : About the LTS now, Shinsuke kato, Panasonic Corporation
Kernel Recipes 2015 – Linux Stable Release process, Greg KH
Lightning Talk: IPv6 Ready Logo Test for LTSI 4.9 and introduction about CVE-2016-5863 and CVE-2017-11164, Fan Xin, Fujitsu Computer Technologies Limited

https://elinux.org/Japan_Technical_Jamboree_62#Agenda

Standard
Uncategorized

CCC videos uploaded

Re: CCC: https://firmwaresecurity.com/2017/12/26/intel-me-at-ccc/

the videos are already uploaded! Thanks, CCC staff!

https://media.ccc.de/b/congress/2017

 

Standard
Uncategorized

Intel ME at CCC

It appears PTSecurity may have a GUI Debugger for Intel ME??

The “Minix Inside” stickers look great, click on the tweet from frdnd.

Hoping CCC staff does the great job they do ever year and get the videos for these events online quickly! 😉

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8762.html

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8782.html

PS: Of course, this isn’t all that is happening at CCC. There are multiple other interesting talks, eg:

 

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9111.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9056.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9205.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8725.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9207.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8920.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8950.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9237.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9202.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9195.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8784.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8831.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9159.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9058.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8956.html

 

Standard