Tag: event

UEFI security presentation at Seattle DC206 Meeting

~ hucktech ~ Leave a comment

If you missed the Intel presentation from BlackHat Briefings this summer, and if you are in the Seattle area this Sunday, Vincent Zimmer of Intel will be reprising this presentation at the DC206 Meeting at the Black Lodge Research hackerspace.

https://www.dc206.org/?p=216

What: Oct DC206 Meeting: Firmware is the New Black
When: October 15th, 1-3pm
Who: Vincent Zimmer
Where: Black Lodge Research

Firmware is the New Black โ€“ Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities

In recent years, we witnessed the rise of firmware-related vulnerabilities, likely a direct result of increasing adoption of exploit mitigations in major/widespread operating systems โ€“ including for mobile phones. Pairing that with the recent (and not so recent) leaks of government offensive capabilities abusing supply chains and using physical possession to persist on compromised systems, it is clear that firmware is the new black in security. This research looks into BIOS/UEFI platform firmware, trying to help making sense of the threat. We present a threat model, discuss new mitigations that could have prevented the issues and offer a categorization of bug classes that hopefully will help focusing investments in protecting systems (and finding new vulnerabilities). Our data set comprises of 90+ security vulnerabilities handled by Intel Product Security Incident Response Team (PSIRT) in the past 3 years and the analysis was manually performed, using white-box and counting with feedback from various BIOS developers within the company (and security researchers externally that reported some of the issues โ€“ most of the issues were found by internal teams, but PSIRT is involved since they were found to also affect released products).

https://www.blackhat.com/us-17/briefings.html#firmware-is-the-new-black-analyzing-past-three-years-of-bios-uefi-security-vulnerabilities
http://vzimmer.blogspot.com/2017/08/black-hat-usa-2017-firmware-is-new-black.html

Click to access BlackHat2017-BlackBIOS-v0.13-Published.pdf

https://blacklodgeresearch.org/

https://www.facebook.com/events/1611758852222280/

UEFI slides from SOURCE Seattle uploaded

~ hucktech ~ Leave a comment

Last week I gave a presentation at SOURCE Seattle Conference, on defensive UEFI tools/guidance, mostly talking about NIST 147’s lifecycle, and how to use tools like (CHIPSEC, acpidump, FWTS) to look for signs of firmware attacks.

As I understand it, SOURCE Conference will have video of this presentation online sometime in the near future.

https://www.sourceconference.com/copy-of-seattle-2016-agenda-details

Slides have been uploaded to this blog, and are available here:.srcsea17. (PreOS Security will have an archive of all of our post-conference materials on Github shortly.)

At the conference, Bryan of the Brakeing Security podcast interviewed PreOS Security co-founder Paul English and myself, along with some other SOURCE Seattle speakers. I am not sure when that podcast is queued up for. I hate public speaking in general, but I cringe at completely unprepared interviews like this podcast. Sorry I didn’t have better concise answers to the questions put to me. I think the normal podcast drinking game is to drink whenever you hear ‘um’ or ‘I mean’. Be careful if you’re playing that game during my brief audio clips. ๐Ÿ˜ฆ

http://www.brakeingsecurity.com/

http://brakeingsecurity.com/rss

@bryanbrake

 

A slide in the presentation pre-announces an upcoming tool we’re working on. That tool should be ready in a few weeks, more details soon.

European coreboot conference 2017: Call for Papers

~ hucktech ~ Leave a comment

Note the request for SECURITY talks!

We are particularly interested in advances in the application of technology in a particular discipline primarily around coreboot, hardware, firmware, and security. As a result, the conference will be structured around the following topics:
– Free and Open Source hardware and firmware.
– Attacks against current hardware and firmware, like side and covert channel attacks.
– Firmware and hardware reverse engineering.
– coreboot payloads, extensions, and features.
– Advances of coreboot and UEFI on the market.
– Applications of free and open source hardware/firmware in practice.
– State-of-the-art security in embedded devices.

Conference talks, lightning talks, and workshops will be video taped and published afterwards. If a recording is not desired by a speaker or workshop instructor, no recordings will be made (notification in advance of the talk / workshop requested)[…]

https://ecc2017.coreboot.org/

Radare Conference 2017

~ hucktech ~ Leave a comment

https://rada.re/con/2017/

http://radare.org/con/2017/

Training:
Beginner Training (pancake, alvarofe)
Intro to Unpacking on Windows (newlog, Giomismo, zlowram)
Beginner Training (maijin, xvilka)
Tiny uControllers firmware reversing and exploiting (dark_k3y)

Presentations:
r2frida (@mrmacete)
SIOL – condret
CFG-based fussy hash for malware classification using r2 (robin marsollier)
zdbg (@zutle)
GSoC talks (gdbserver, windows support and backstepping) @xvilka
r2anal (alvaro) + limits of esil (killabyte)
RAIR (@oddcoder)
r2 module for Yara (@plutec_net + @mmorenog)
Anal clemency (@raysong)
Intro to Reversing Windows Malware Using r2 @ newlog
Surprise talk by @oleavr
Diaphora and r2 (@pancake, @matalaz)
Road to the kernel (@nighterman)
Pimp my Triton (ak42)

TPM microconf at 2017 Linux Plumbers Conference

~ hucktech ~ Leave a comment

Matthew Garrett has announced a TPM microconference at the upcoming Linux Plumbers Conference:

I’m pleased to say that after the success last year, there will be another TPM microconference at this year’s Linux Plumbers Conference. The current schedule has this taking place on Wednesday the 13th of September, so just under 4 weeks from now. We have a list of proposals for discussion at http://wiki.linuxplumbersconf.org/2017:tpms but please feel free to add more! I intend to finalise the schedule by the end of next week, so please do so as soon as you can. For those of you who weren’t there, the Linux Plumbers conference is an event dedicated to bringing together people working on various infrastructural components (the plumbing) of Linux. Microconferences are 3 hour long events dedicated to a specific topic, with the focus on identifying problems and having enough people in the room to start figuring out what the solutions should be – the format is typically some short presentations coupled with discussion.

From James Bottomley’s comments on the LPC entry on this microconf:

Following on from the TPM Microconference last year, weโ€™re pleased to announce there will be a follow on at Plumbers in Los Angeles this year. The agenda for this year will focus on a renewed attempt to unify the 2.0 TSS; cryptosystem integration to make TPMs just work for the average user; the current state of measured boot and where weโ€™re going; using TXT with TPM in Linux and using TPM from containers.

http://wiki.linuxplumbersconf.org/2017:tpms

http://www.linuxplumbersconf.org/2017/trusted-platform-module-microconference-accepted-into-the-linux-plumbers-conference/

Full text of Matthew’s email:
https://lists.sourceforge.net/lists/listinfo/linux-ima-devel

Workshop on Security for Embedded and Mobile Systems

~ hucktech ~ Leave a comment

Secure and Efficient RNS software implementation for Elliptic Curve Cryptography
Practical Power Analysis on KCipher-2 Software on Low-End Microcontrollers
Use of simulators for side-channel analysis
Secure positioning: From GPS to IoT
Permutation-based cryptography for embedded and mobile systems
The Curious Case of the Curious Case: Detecting touchscreen events using a smartphone case
Are You Really My Friend? Efficient and Secure Friend-matching in Mobile Social Networks
From Smashed Screens to Smashed Stacks: Attacking Mobile Phones using Malicious Aftermarket Parts

http://sems2017.cs.ru.nl/program.shtml

SyScan360 Seattle

~ hucktech ~ Leave a comment

https://www.syscan360.org/

Hardware.io 2017 CFP is open

~ hucktech ~ Leave a comment

Security Conference is a platform for hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols i.e. backdoors, exploits, trust and attacks (BETA).

Training: 19th โ€“ 20th Sept 2017
Conference: 21st โ€“ 22nd Sept 2017
http://hardwear.io/

 

UEFI lab at Cascadia IT Conference in Seattle March 10th

~ hucktech ~ Leave a comment

[DISCLAIMER: FirmwareSecurity is my personal blog. I work at PreOS Security.]

PreOs Security is offering a half-day training lab for System Administrators, SRE/DevOps in the Seattle area at Cascadia IT Conference, for those interested in learning about UEFI/ACPI/BIOS/SMM/etc security. Here’s the text for the training:

Defending System Firmware

Target audience: System administrators, SRE, DevOps who work with Intel UEFI-based server hardware

Most enterprises only defend operating system and application software; system and peripheral firmware (eg., BIOS, UEFI, PCIe, Thunderbolt, USB, etc) has many attack vectors. This workshop targets enterprise system administrators responsible for maintaining the security of their systems. The workshop is: an introduction to UEFI system firmware, an overview of the NIST secure BIOS platform lifecycle model of SP-(147,147b,155) and how to integrate that into normal enterprise hardware lifecycle management, and an introduction to the available open source firmware security tools created by security researchers and others, and how to integrate UEFI-based systems into the NIST lifecycle using available tools, to help protect your enterprise. It will be a 3.5 hour presentation, and at the end, you can optionally can run some tests on your laptop: Intel CHIPSEC, Linux UEFI Validation distribution (LUV-live), FirmWare Test Suite live boot distribution (FWTS-live), and a few other tools. Attendees trying to participate in the lab will need to have a modern Intel x86 or x64-based (not AMD), UEFI-based firmware, running Windows or Linux OS software. That means no AMD systems, no Apple Macbooks, no ARM systems. Any system used in the lab must have all data backed up, in case some tool bricks the device. Attendees should understand the basics of system hardware/firmware, be able to use a shell (eg, bash, cmd.exe, UEFI Shell), and able to use Python-based scripts.

https://www.casitconf.org/casitconf17/tutorials/

6th RISC-V Workshop: call for papers

~ hucktech ~ Leave a comment

Registration and the call for presentations / posters is open for the 6th RISC-V Workshop, co-hosted by NVIDIA and the Shanghai Jiao Tong University (SJTU) in Shanghai China on May 8-11, 2017.ย  As with past workshops, our goals for these events are to bring the RISC-V community together to share information about recent activity in the various RISC-V projects underway around the globe, and build consensus on the future evolution of the instruction set. This will be a four day event broken down as follows[…]

https://riscv.org/2017/03/6th-risc-v-workshop-registration-and-call-for-papers/

Black Hat Asia: The UEFI Firmware Rootkits: Myths and Reality

~ hucktech ~ Leave a comment

The UEFI Firmware Rootkits: Myths and Reality
Alex Matrosovย  |ย  Principal Research Scientist, Cylance
Eugene Rodionovย  |ย  Senior Specialized Software Engineer, ESET

In recent days, the topic of UEFI firmware security is very hot. There is a long list of publications that have appeared over the last few years discussing disclosed vulnerabilities in UEFI firmware. These vulnerabilities allows an attacker to compromise the system at one of the most privileged levels and gain complete control over the victim’s system. In this presentation, authors will take a look at the state of the art attacks against UEFI firmware from practical point of view and analyze applicability of disclosed attacks in real life scenarios: whether these vulnerabilities can be easily used in real-world rootkits (OS->SMM->SPI Flash).

In the first part of the presentation, the authors will dive into different types of vulnerabilities and attacks against UEFI firmware to summarize and systematize known attacks: whether the vulnerability targets one specific firmware vendor, whether an attacker needs physical access to the victims platform and so on. Such a classification is useful to understand possibilities of an attacker. The authors will also look at the attacks and determine whether it can be converted into a real-world rootkit or the possibilities of the attacker are very limited and the attack vector cannot make it beyond the PoC.

In the second part of the presentation, the authors will look at defensive technologies and how can one reduce severity of some attacks. In modern Intel-based platforms implemented different methods and mitigation technologies against firmware and boot process attacks. The Boot Guard – hardware-based integrity protection technology that provided new levels of configurable boot: Measured Boot and Verified Boot (supported from MS Windows 8). The technologies responsible for platform flash memory protection from malicious modifications not a new trend. As example BIOS Write Enable bit (BIOSWE) has been introduced long time ago for made read-only access of flash memory. Another protection technology is BIOS Lock Enable bit (BLE) which is control every privileged code execution from System Management Mode (SMM) on each attempt to change BIOSWE bit. Also SMM based write protection (SMM_BWP) protects an entire BIOS region from unprivileged code (non-SMM) modifications attempts. One of the latest security technologies is SPI Protected Ranges (PRx) which can be configured to protect memory ranges of flash memory on the BIOS/platform developers side. The BIOS Guard (delivered since Skylake CPU) – is the most recent technology for platform armoring protection from firmware flash storage malicious modifications. Even if an attacker has access for modifying flash memory BIOS Guard can prevent execution of malicious code and protect flash memory from malicious modifications. Authors will analyse how these technologies can counteract existing firmware vulnerabilities and attacks.

https://www.blackhat.com/asia-17/briefings/schedule/#the-uefi-firmware-rootkits-myths-and-reality-5429

Open Source Hardware Camp 2017 announced

~ hucktech ~ Leave a comment

Andrew Back announced the CfP for “Open Source Hardware Camp 2017”, taking place in September in the U.K. Note also ChipHack and ORConf! I wish O’Reilly’s Maker Faire would merge with this group, so that these OSH camps were worldwide, not just in the UK…

This year Open Source Hardware Camp will take place over the weekend of Saturday 2nd & Sunday 3rd September, hosted as part of the Wuthering Bytes festival in Hebden Bridge, which in 2017 will take place over the course of 10 days (again!). We will be returning to the Birchcliffe Centre in Hebden Bridge, which benefits from the convenience of adjoining, budget accommodation. Proposals for talks and workshops for OSHCamp 2017 are invited! That the deadline for submitting titles and abstracts is Monday 1st May. There is no theme and topics may include, for example: Open source hardware projects, Open development practices and principles, Novel/interesting/fun projects built using open source hardware, Tools (hardware and software), Skills and techniques, e.g. PCB fab, DIY SMT assembly, Relevant technologies, e.g. SPI/I2C bus programming, …something else relevant to the community. Other events running as part of Wuthering Bytes 2017 and which may be of interest:
* Fri 1st: Wuthering Bytes Festival Day, http://wutheringbytes.com/
* Wed 6th & Thurs 7th: Chip Hack, http://chiphack.org/
* Thurs 7th PM & Fri 8th AM: EDSAC Challenge
* Fri 8th AM – Sunday 10th PM: GNU ORConf, http://orconf.org/

More info:
http://orconf.org/
http://chiphack.org/
http://wutheringbytes.com/
http://oshug.org/pipermail/oshug/2017-February/000595.html
https://www.eventbrite.co.uk/e/open-source-hardware-camp-2017-tickets-31845191826

European coreboot conference 2017

~ hucktech ~ Leave a comment

OEMs: please note!

Carl-Daniel Hailfinger posted an announcement to the upcoming European coreboot conference 2017 to the coreboot-announce list:

We are currently planning to host a coreboot conference in Germany with 2 days of talks and an additional 2 days of hacking. The date will probably either be October 19-22 or October 26-29, i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe. Ticket prices haven’t been decided yet and depend on the location and venue availability. The location will be either in Bonn or Bochum. Both Bochum and Bonn offer a variety of interesting activities for conference participants. Bochum is reachable by public transport from Frankfurt Airport within 120 minutes, from Dusseldorf Airport within 40 minutes and from Cologne Airport within 80 minutes. Bonn is reachable by public transport from Frankfurt Airport within 70 minutes, from Dusseldorf Airport within 70 minutes and from Cologne Airport within 30 minutes.
YOUR ACTION NEEDED!
Please fill out the application and subscribe to the newsletter if you are planning to join us!
https://www.coreboot.org/events/ecc2017

Full announcement:
https://www.coreboot.org/pipermail/coreboot-announce/2017-January/000024.html

Hardware security training at Black Hat

~ hucktech ~ Leave a comment

https://www.blackhat.com/us-17/training/index.html

Alexander on U-Boot+UEFI+GRUB on ARM

~ hucktech ~ Leave a comment

Here’s one interesting presentation for the upcoming OpenIoT and Embedded Linux Conference:

Marrying U-Boot, uEFI and grub2 – Alexander Graf, SUSE

Booting is hard. Booting in the ARM world is even harder. State of the art are a dozen different boot loaders that may or may not deserve that name. Each gets configured differently and each has its own pros and cons. As a distribution this is a nightmare. Configuring each and every one of them complicates code that really should be very simple. To solve the problem, we can just add another layer of abstraction (grub2) on top of another layer of abstraction (uEFI) on top of another layer of abstraction (u-boot). Follow me on a journey on how all those layers can make life easier for the distribution and how much fun uEFI really is. After this talk, you will know how ARM systems boot, what uEFI really means, how uEFI binaries interact with firmware and how this enables convergence of the Enterprise and Embedded markets.

Alexander Graf, KVM Wizard, SUSE
Alexander started working for SUSE about 8 years ago. Since then he worked on fancy things like SUSE Studio, QEMU, KVM and openSUSE on ARM. Whenever something really useful comes to his mind, he tends to implement it. Among others he did Mac OS X virtualization using KVM, nested SVM, KVM on PowerPC and a lot of work in QEMU for openSUSE on ARM. He is the upstream maintainer of KVM for PowerPC, QEMU for PowerPC and QEMU for S390x.

https://openiotelcna2017.sched.com/event/9IuS

https://openiotelcna2017.sched.com/?s=firmware
https://openiotelcna2017.sched.com/?s=u-boot
http://events.linuxfoundation.org/events/openiot-summit
http://events.linuxfoundation.org/events/embedded-linux-conference

 

Brian speaking at Bsides Huntsville

~ hucktech ~ Leave a comment

Brian Richardson of Intel will be speaking about firmware at a security conference, BSides Huntsville.

https://software.intel.com/en-us/meet-the-developers/evangelists/team/Brian-Richardson

https://www.bsideshuntsville.org/