Coreboot Conference 2017 announced!

https://twitter.com/coreboot_org/status/818889514772992000

European Coreboot Conference 2017
Location: Germany

We are currently planning to host a coreboot conference with 2 days of talks and an additional 2 days of hacking, sometime in October 2017 in Bonn or Bochum, Germany.
The dates will probably either be October 19-22 or October 26-29, i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe.
Ticket prices haven’t been decided yet and depend on the location and venue availability. Add your email address to be sent an invite to the conference when it is announced.

https://www.coreboot.org/events/ecc2017

FOSDEM

The other day I mentioned that coreboot was going to be at FOSDEM’17.

coreboot at FOSSDEM

(I mistakenly called it FOSSDEM instead of FOSDEM. And I mistakenly pointed to the FOSDEM’16 expo layout, ignore that.) 😦

In addition to the coreboot presence, there are also multiple interesting presentations, including (but not limited to):

https://fosdem.org/2017/schedule/event/libreboot/
https://fosdem.org/2017/schedule/event/abusing_chromium_ec/
https://fosdem.org/2017/schedule/event/sniffing_usb/
https://fosdem.org/2017/schedule/event/secure_safe_embedded_updates/
https://fosdem.org/2017/schedule/event/terrible_bsp/
https://fosdem.org/2017/schedule/event/lava_laboratory/
https://fosdem.org/2017/schedule/event/testing_with_volcanoes/
https://fosdem.org/2017/schedule/track/internet_of_things/
https://fosdem.org/2017/schedule/event/panopticon/
https://fosdem.org/2017/schedule/event/securing_qemu_guest/
https://fosdem.org/2017/

SMM training at WhiskeyCon

This course is for people who want to find out more information about the most privileged and mysterious operating mode of x86 processors: System Management Mode. You will learn what it actually is, how to get there and what can be done by an attacker once his code is executed in SMM. Are there SMM rootkits in the wild? How feasible is it to create such a rootkit? Can a kernel mode antivirus or a hypervisor protect against attacks from SMM? Can an SMM rootkit be detected using memory forensics? Can you put an ultimate antivirus in SMM to fight SMM and kernel mode rootkits? We will cover these topics in much detail. There will be many lab exercises which will help you to better understand the ideas and techniques. By the end of the course you will have a good understanding of SMM security principles. You will also have hands-on experience with implementing and detecting SMM rootkits.

Look at the site for more about the author and the daily schedule.

Longkit: a UEFI/BIOS/SMM rootkit (at ICISSP’17)

ICISSP 2017, in Portugal, has an upcoming UEFI/BIOS/SMM rootkit presentation that sounds interesting:

Longkit: A UEFI/BIOS Rootkit in the System Management Mode. ICISSP 2017
Julian Rauchberger, Robert Luh, Sebastian Schrittwieser.

The theoretical threat of malware inside the BIOS or UEFI of a computer has been known for almost a decade. It has been demonstrated multiple times that exploiting the System Management Mode (SMM), an operating mode implemented in the x86 architecture and executed with high privileges, is an extremely powerful method for implanting persistent malware on computer systems. However, previous BIOS/UEFI malware concepts described in the literature often focused on proof-of-concept implementations and did not have the goal of demonstrating the full range of threats stemming from SMM malware. In this paper, we present Longkit, a novel framework for BIOS/UEFI malware in the SMM. Longkit is universal in nature, meaning it is fully written in position-independent assembly and thus also runs on other BIOS/UEFI implementations with minimal modifications. The framework fully supports the 64-bit Intel architecture and is memory-layout aware, enabling targeted interaction with the operating system’s kernel. With Longkit we are able to demonstrate the full potential of malicious code in the SMM and provide researchers of novel SMM malware detection strategies with an easily adaptable rootkit to help evaluate their methods.

http://www.icissp.org/

https://www.jrz-target.at/2016/12/22/paper-accepted-at-icissp-2017/

Yuriy to speak at REcon Brussels

https://recon.cx/2017/brussels/

33rd CCC

The 33rd Chaos Communication Congress (CCC) takes place in December in Germany. There are MANY great presentations, and CCC is great at making video archives available. Here’s a sample of a few of the presentations, starting with Trammell’s lecture on Heads:

Bootstraping a slightly more secure laptop
Trammell Hudson
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8314.html

What could possibly go wrong with <insert x86 instruction here>?: Side effects include side-channel attacks and bypassing kernel ASLR
Clémentine Maurice and Moritz Lipp
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html

Untrusting the CPU: A proposal for secure computing in an age where we cannot trust our CPUs anymore
jaseg
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8014.html

Virtual Secure Boot: Secure Boot support in qemu, kvm and ovmf
Gerd Hoffmann
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8142.html

Full schedule:
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/schedule.html
https://events.ccc.de/congress/2016/wiki/Main_Page

My slides from BsidesPDX’16

I gave a brief presentation at Security BSides Portland (BsidesPDX) a few days ago. Title was “Firmware Tools for Security Researchers”. Since it was only a 20-minute time slot, I only had time to cover a few tools, and didn’t get a chance to mention other noteworthy tools. Sorry for the delay in uploading; I returned from the conference to a bit of post-storm damage at home. The PDF of the slides is here:

bsidespdx2016

I’ve promised an ‘awesome-firmware-security’ set of links for a while, these slides are part of that effort, and will have a draft of this — with many more tools — in about 2 weeks.

I met a few people from the CHIPSEC team at BsidesPDX, which was an honor. I also got a few interesting questions from some smart attendees, and will be doing a few new blog posts on the things I learned at the event.

Seattle firmware presentation at DC206 Meeting this Sunday

Many cities have “DC<areacode>” groups, the local DEF CON community. The Seattle-area DC206 group is having its monthly meeting this Sunday, and it is firmware-centric, in case you are in the Seattle area.

An Introduction To Pulling Software From Flash via I2C, SPI and JTAG
by Matt DuHarte

This beginners talk is as jargon free as possible and a great introduction to the world inside all those little devices that make up our world.  Not every device we have makes it easy to see the software they run.  How do you analyze the firmware of a device that does not have a display or even a serial port?  Simple – pull the software directly from the flash on the device.  A new generation of simple and inexpensive hardware devices make it fast and easy.  This talk will introduce just enough of the protocols involved, the devices used to pull a firmware image and the software we use to modify the images and put them back. Following the talk there will be a hands on area for watching demonstrations and you to try your hand at pulling images off various devices.

Matt DuHarte is the Security Lead at a major networking hardware manufacturer but is still a software guy.  Matt is an avid BSides presenter in hardware topics like USB hacking and embedded electronics. He started doing electronics as a kid, later for a UGA and now does it because it is fun.  He is a firm believer that password brute forcing is for wimps and that it is easier to open the case, attach a few wires and ask hardware nicely in their own language to spill their secrets. Hardware likes him, except FPGAs, they say his timing is off.

http://blacklodgeresearch.org/
http://dc206.org/

What: October DC206 Meeting
When: October 16, 1pm-3pm
Where: Black Lodge Research (17725 NE 65th St, A-155; Evans Business Park, Building A); Redmond, WA 98052 USA

October 7-9, Berlin: coreboot.berlin event!

On the coreboot-announce list, Peter Stuge just announced the coreboot.berlin event happening NEXT WEEKEND, October 7-9:

SHORT NOTICE: coreboot.berlin next weekend, Oct. 7-9
Hello all, I’m happy to *finally* have the information and registration page online:
https://coreboot.berlin/
Yes, it’s very late, but I hope that we will still be a good number of people meeting up next weekend. Quick feedback helps me make sure that everyone will get food. If you are interested in attending, but unable to register at the Community Registration Fee cost then please get in touch with me, so that we can try to work something out. Thank you very much, and hope to see you in Berlin on the 7:th!

https://www.coreboot.org/pipermail/coreboot-announce/2016-September/000023.html

https://coreboot.berlin/

Linaro Connect

ARM’s Linaro Connect is happening. Click on their web page for live streaming.
In addition to all of the ARM topics, Brian Richardson, an Intel evangelist, will be speaking about UEFI at this event. 🙂

http://connect.linaro.org/las16/

UEFI Fall plugfest schedule announced

More details for this:

Fall UEFI Forum plugfest is in September in Seattle

The details for the Fall UEFI Forum plugfest have been announced:

Out of Band BIOS Remote Management – AMI
This session will provide an overview of Out of Band BIOS remote management. The REST protocol, which allows for operations with server processes staging Out Of Band requests, can be layered on the platform interface with an integrated baseboard management controller (BMC) or with remote servers. UEFI provides extensive networking support for the pre-boot environment, including secure communication protocols like HTTPS. Checking for staged Out Of Band requests provides a highly manageable solution applicable to a variety of platforms with or without a BMC.

Innovative Software Tools & Methods to Profile, Test and Optimize UEFI Firmware Improving Test Coverage and Debug Results – Kevin Davis, VP of Kernel Engineering, Insyde Software
How effective are your test tools for analyzing UEFI firmware applications? Learn how using key x86 processor capabilities and UEFI executable analysis, like Insyde’s tools can report exactly which lines of code were executed during boot.

Microsoft Security Built on UEFI Security 2.n (P1 and P2)
Attend this interactive session to learn about: The Hardware Security Test Interface (HSTI) v2, Customized Deployment of UEFI Secure Boot, including user mode, audit mode and deployment mode, Device Guard  and Credential Guard, VSM (Virtualization enabled by default), WSMT (Windows SMM Security Mitigations Table)

UEFI Network and Security Update – Vincent Zimmer, Sr. PE, Intel Corporation
How does the UEFI Forum evolve new capabilities for networking and security?  From business requirements to use-cases, threat models, and adjacent industry efforts, the Forum has evolved the footprint of capabilities in this area. This session will provide a brief history of features for networking and security, future areas of application and a depiction of how these technologies are evolving.

Update on TPM 2.0 Firmware Requirements – Dick Wilkins, Ph.D.  Phoenix Technologies Ltd.
As a follow-up to the last session at the UEFI Plugfest in Taipei, “The TPM 2.0 Specs Are Here, Now What?” the Trusted Computing Group (TCG) PC Client Working Group has incorporated several changes in their specifications, requiring updates to the functionality and the addition of new features. The updated TCG specifications will be ready for public review soon. Join this session to learn more about the upcoming enhancements and new requirements for these specifications.

More info:
http://uefi.org/events/upcoming

Open Source Hardware Camp 2016

What: Open Source Hardware Camp
When: On the 3rd September 2016, 09:00 Saturday morning – 16:00 on the Sunday afternoon
Where: The Birchcliffe Centre, Birchcliffe Road, Hebden Bridge, West Yorkshire, HX7 8DG, UK.
Cost: £10/day

Saturday talks:
* LabRTC — progress at the Open University on instant real-time control of lab hardware that’s half a world away
* Openly Educating the Next Generation of Engineers
* Indie Manufacturing
* Keeping your project on track
* Open Source and Feature Film Production
* The Things Network, a crowd sourced data network for the Internet of Things
* Kitnic.it – A registry for open hardware electronics projects
* Computer Controlled Heating System — cool use for a hot Pi
* Scaling IoT with Open Data
* Building a Smarter Island
* Making the Laser Light Synths
* Going Beyond the von Neumann Architecture with FPGAs

Sunday workshops:
* Getting started with FPGAs and Verilog using project IceStorm
* Develop your own long range sensor using Arduino and the Thing Innovations LoRaWAN Sensor development shield.
* Axiom 4K Open Source Camera demonstration
* Assembling the OSHCamp kit

Excerpts below taken from the announcement by Andrew Back on the OSHWA mailing list.

“Open Source Hardware Camp 2016 will take place in the Pennine town of Hebden Bridge. For the third year running it is being hosted as part of the Wuthering Bytes technology festival. Tickets are priced at £10/day and this includes lunch. […] We currently have 12 talks and 4 workshops confirmed, with the possibility of one or two more. Covering a diverse range of topics, including laser light synths, LoRaWAN and The Things Network, open source digital cinema (includes Axiom 4K open hardware cinema camera demo/workshop), and iCE40 FPGA development with Yosys and LabRTC. I’m particularly looking forward to seeing the Axiom camera and getting hands-on with the Yosys and Arachne-pnr powered open source FPGA toolchain. […] As in previous years, there will be a social event on the Saturday evening and OSHCamp is once again being hosted to coincide with the Wuthering Bytes technology festival. You’re encouraged to check out the website for details of other participating events, as there may be some of interest. E.g. the annual GCC, GDB and friends developer conference, plus the first ever LLVM Cauldron!”

http://oshug.org/event/oshcamp2016

http://wutheringbytes.com/

http://lists.oshwa.org/pipermail/discuss/2016-July/001844.html

ORCONF 2016 announced

Julius Baxter has announced the 2016 ORCONF, the annual open source digital design conference, for October in Italy. Excerpted announcement:

I’d like to announce ORCONF 2016, the annual open source digital design conference. This year we’re very pleased to be hosted by Davide Rossi and his group at the University of Bologna in Bologna, Italy over October 7th, 8th and 9th. As in previous years, we’re looking forward to bringing together those involved and interested in any facet of open source embedded systems engineering. We’d like to have a strong showing from the various open source communities and their projects that are out there, academia and their interesting research ideas that either directly or indirectly contribute to the open source hardware ecosystem, and commercial developers who either contribute or perhaps just have success stories to share about their use of, or collaboration with, open source hardware projects. The conference is being organised by the Free and Open Source Silicon Foundation (FOSSi) with help, of course, by our hosts at the University of Bologna. ORCONF will be free to attend, and we’d like to provide food and drinks during the day for attendees, amongst other things, and so are seeking sponsors for the event. Please get in touch if you’d like to sponsor us this year. Registration and presentation submission forms are now live. Please do register if you plan to attend.

Full announcement:
http://oshug.org/pipermail/oshug
More info:
http://orconf.org
http://goo.gl/forms/u6V54ay8P4i3wtXG2
http://goo.gl/forms/Nah5LH7cJWK1uQ6L2