NSA Ghidra becomes an open source software project

NSA has changed Ghidra from freeware to open source software.

https://github.com/NationalSecurityAgency/ghidra

https://ghidra-sre.org/

https://github.com/NationalSecurityAgency/ghidra/commits/master

NSA releases Ghidra, a software reverse engineering (SRE) framework

https://ghidra-sre.org/
https://www.nsa.gov/resources/everyone/ghidra/
https://ghidra-sre.org/CheatSheet.html
https://ghidra-sre.org/InstallationGuide.html
https://github.com/NationalSecurityAgency/ghidra/wiki/Frequently-asked-questions

Hmm, there is a release on their web site, but none on the GitHub Releases page…
https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip

https://www.rsaconference.com/events/us19/agenda/sessions/16608-Come-Get-Your-Free-NSA-Reverse-Engineering-Tool

NSA Cybersecurity: Hardware and Firmware Security Guidance

This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for Spectre and Meltdown. The repository is a companion to a forthcoming Information Assurance Advisory, "Updated Guidance for Spectre and Meltdown Vulnerabilities Affecting Modern Processors". This advisory will be an update to the previously issued advisory "Vulnerabilities Affecting Modern Processors".

https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

[Last updated in the Summer. I am pretty sure I included a link to this during the early Spectre/Meltdown posts, but can’t find it, and it is a bit more useful beyond Spectre/Meltdown.]

Multiple flash/BIOS chips in Equation Group stash

If you haven’t been following the news, Equation Group is getting a lot of press:

https://www.schneier.com/blog/archives/2016/08/major_nsaequati.html

From a firmware perspective, it looks like there are multiple tools in that collection:

Linux Security Summit 2015 proceedings available

As part of LinuxCon North America, the Linux Security Summit recently finished, and presentations are now available (I omitted from the list below the few talks which had no presentations):

* Keynote: Giant Bags of Mostly Water – Securing your IT Infrastructure by Securing your Team, Konstantin Ryabitsev, Linux Foundation
* CC3: An Identity Attested Linux Security Supervisor Architecture, Greg Wettstein, IDfusion
* SELinux in Android Lollipop and Android M, Stephen Smalley, NSA
* Discussion: Rethinking Audit, Paul Moore, Red Hat
* Assembling Secure OS Images, Elena Reshetova, Intel
* Linux and Mobile Device Encryption, Paul Lawrence, Mike Halcrow, Google
* Discussion: Core Infrastructure Initiative, Emily Ratliff, Linux Foundation
* Security Framework for Constraining Application Privileges, Lukasz Wojciechowski, Samsung
* IMA/EVM: Real Applications for Embedded Networking Systems, Petko Manolov, Konsulko Group, Mark Baushke, Juniper Networks
* Ioctl Command Whitelisting in SELinux, Jeffrey Vander Stoep, Google
* IMA/EVM on Android Device, Dmitry Kasatkin, Huawei Technologies
* Subsystem Update: Smack, Casey Schaufler, Intel
* Subsystem Update: AppArmor, John Johansen, Canonical
* Subsystem Update: Integrity, Mimi Zohar, IBM
* Subsystem Update: SELinux, Paul Moore, Red Hat
* Subsystem Update: Capabilities, Serge Hallyn, Canonical
* Subsystem Update: Seccomp, Kees Cook, Google
* Discussion: LSM Stacking Next Steps, Casey Schaufler, Intel

http://kernsec.org/wiki/index.php/Linux_Security_Summit_2015/Schedule