Slides for coreboot/UEFI talk from REcon available





Alex leaves Intel ATR!

Wow, Alex Matrosov is leaving Intel Advanced Threat Research (ATR).

As I understand it, he is one of the CHIPSEC team. I hope the project can handle his loss.

It is unclear what he’ll be doing next. Maybe he’ll be joining Apple?  They are hiring all the great researchers…)



CHIPSEC 1.2.3 released!

Excerpt of CHIPSEC 1.2.3 release notes:

New/updated modules:
* tools.vmm.vbox_crash_apicbase — test for CVE-2015-0377
* udated common.bios_ts, common.uefi.s3bootscript, remap
* added template config file smm_config.ini for tools.smm.smm_ptr SMI fuzzer
* added template config file te.cfg for tools.secureboot.te tool

New/improved functionality:
* Added basic TPM access and TPM 1.2 support
        hal/tpm.py and hal/tpm12_commands.py HAL components
* Added basic Embedded Controller (EC) support
        hal/ec.py HAL component and chipsec_util ec util
* Added processing of x86 paging hierarchy
        hal/paging.py and hal/cpu.py HAL components and chipsec_util cpu pt util
* Added processing of Second Level Address Translation paging hierarchy (EPT)
        hal/vmm.py HAL component and chipsec_util vmm pt util
* Added processing of IOMMU (VT-d) paging hierarchy
        hal/iommu.py HAL component and chipsec_util iommu pt util
* Basic support for hypervisor hypercall interfaces
        hal/vmm.py HAL component and chipsec_util vmm hypercall util
* Added message bus interface for Atom SoC (Linux)
        hal/msgbus.py HAL component and chipsec_util msgbus util
* CPUID functionality moved from hal/cpuid.py to hal/cpu.py HAL component
        Use chipsec_util cpu cpuid util
* Added parsing of RAW images in UEFI firmware volumes
* Updated smbus and SPD HAL components to use XML config
* Added qrk.xml configuration file for Quark CPUs, updated configuration for Haswell Server (hsx.xml)
* Fixed location of MMCFG in server platforms. Results from prior versions may need to be recollected on server platforms.

See full release notes for list of bugfixes.



DarkReading article on firmware protection

Yuriy and John of the Intel CHIPSEC team are quoted in a new Dark Reading article on firmware security.

[…] Yuriy Bulygin and John Loucaides, security researchers at Intel Security, point out that hackers attack firmware because they know many security and IT managers aren’t paying attention to it. They say security teams are so overwhelmed by the prevailing threat landscape, that they have their hands full just deploying the basics, like firewalls, intrusion prevention systems and sandboxes. […]



Intel ATR site updates it’s research on web site

Intel Advanced Threat Research (ATR) is home of the CHIPSEC team. They just updated their web site with more presentation archives.



BIOS analysis presentation at Analyze 2016

Analyze 2016 takes place in March in San Francisco. It is a “Security community event for malware and exploit analysis research”. Amongst the presentations is one on BIOS analysis by two of the Intel Advanced Threat Research (ATR) team!

Tom Bennett – Whose RAT Is It Anyways?
Aaron Shelmire – Sections, Segments, and Functions, oh my! Hashing your way to analytical shortcuts.
Edward Miles – Making sense of ProGuard’s mess
Oleksandr Bazhaniuk/Yuriy Bulygin – Different methods of BIOS analysis: Static, Dynamic and Symbolic execution
Darren Spruell – Malicious Traffic Distribution: Tactics and Response
Rick Wesson – Static Malware Analysis on GPUs
Chip McSweeney – DGA Antivenom: Stopping new configurations before analysis
Jing Xie – Risks of iOS Remote Hot-Patching
Alexander Matrosov – Distributing the reconstruction of IR for large scale malware analysis
http://www.analyze.cc/Waylon Grange – Wherefore by their crypto ye shall know them
Armin Buescher – Sanzoku APT