Hardware security at Security B-Sides Seattle

February 2, 2016 ~ hucktech ~ Leave a comment

Talks have been posted! https://t.co/E9ZC7qNKfk #bsidesseattle kick ass goodness . Workshops postd, data coming out. sry for delays

— Bsidesseattle (@bsidesseattle) January 29, 2016

My trainings:@bsidesseattle 2h: https://t.co/Pg4fdiPI1J @CanSecWest 2d: https://t.co/N1C6COL6yc @BlackHatEvents 4d: https://t.co/AyiQyhxpOF

— Joe Fitz (@securelyfitz) January 29, 2016

This month is B-Sides Seattle, and there are 3 hardware workshops (Attacking USB, JTAG, and Arduino) one by Joe (SecurelyFitz) and two by Matt (CryptoMonkey):

http://www.securitybsides.com/w/page/103147483/BsidesSeattle2015
https://www.eventbrite.com/e/bsides-seattle-2016-tickets-19822367234

I'll be running Hands-on JTAG for Fun and Root shells at @bsidesseattle, check it out: https://t.co/Pg4fdiPI1J pic.twitter.com/L9ipwMAtkB

— Joe Fitz (@securelyfitz) January 29, 2016

I think I heard Matt say this was the last time he was offering this Attacking USB training…

Note that Joe also has training at CanSecWest and Black Hat, in addition to B-Sides Seattle..
https://www.blackhat.com/us-16/training/applied-physical-attacks-on-x86-systems.html
https://cansecwest.com/dojos/2016/advanced_hardware.html

sigrok update

January 30, 2016 ~ hucktech ~ Leave a comment

Thanks to JoeFitz at SecuringHardware.com for showing me about the libsigrok project!

Major new sigrok releases: libsigrok 0.4.0, libsigrokdecode 0.4.0, sigrok-cli 0.6.0, PulseView 0.3.0. https://t.co/u4oOV8ElUY

— sigrok (@sigrokproject) January 30, 2016

New supported devices in libsigrok:

* Logic analyzers: AKIP-9101, BeagleLogic, LeCroy LogicStudio, mcupro Logic16 clone, Pipistrello OLS, SysClk LWLA1016
* Oscilloscopes: Rigol/Agilent DS1000Z series, Yokogawa DLM2000 series, Yokogawa DL9000 series, Hung-Chang DSO-2100, GW Instek GDS-800
* Multimeters: Agilent U1241A/B, Agilent U1242A/B, Brymen BM25x series, MASTECH MS8250B, Metrahit 16T/16U/KMM2002, PeakTech 3415, Tenma 72-7730/72-7732/72-9380A, Testo 435-4, UNI-T UT372, UNI-T UT71A/B/C/D/E, * * Velleman DVM4100, Voltcraft VC-870/VC-920/VC-940/VC-960
* Programmable power supplies: Fluke/Philips PM2800 series, HP 663xx series, Manson HCS-3xxx series, Motech LPS-30x series, Rigol DP800 series, Korad KAxxxxP series (a.k.a Velleman LABPS3005D and others)
* AC/DC sources: Agilent N5700A series (DC sources), Chroma 61600 series (AC sources), Chroma 62000 series (DC sources)
* Electronic loads: Maynuo M97 (and compatibles)
* LCR meters: DER EE DE-5000
* Scales: KERN EW 6200-2NM
* BeagleBone Black capes: BayLibre ACME (revA and revB)

http://sigrok.org/

https://www.sigrok.org/blog/major-sigrok-releases-libsigrok-libsigrokdecode-sigrok-cli-pulseview

Joe Fitzpatrick joins Xipiter

July 31, 2015 ~ hucktech ~ Leave a comment

I didn’t know about this company until today. It looks like Joe Fitzpatrick of SecuringHardware is or soon will be joining them:

https://twitter.com/XipiterSec/status/616275086652235776

It appears Xipiter does security training, including Intel- and ARM-based hardware-level courses, including at upcoming DEF CON. They appear to have an upcoming Android course in the works, related to the Wiley Android Hacker’s Handbook, which has a nice chapter on ARM firmware hacking. They have other services besides training, and some hardware products as well.

http://www.xipiter.com/
http://www.xipiter.com/team.html
http://www.xipiter.com/training.html

Tweets by XipiterSec

Tweets by securelyfitz

http://securinghardware.com/

DEF CON 23

July 28, 2015 ~ hucktech ~ Leave a comment

In DEF CON is happening shortly, or maybe it’s cancelled, I’m not sure. 🙂 Two talks immediately jump out:

ThunderStrike 2: Sith Strike

Trammel Hudson Vice President, Two Sigma Investments
Xeno Kovah Co-founder, LegbaCore, LLC
Corey Kallenberg Co-Founder, LegbaCore, LLC

The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac’s are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.

and:

Attacking Hypervisors Using Firmware and Hardware

Yuriy Bulygin Advanced Threat Research, Intel Security
Mikhail Gorobets Advanced Threat Research, Intel Security
Alexander Matrosov Advanced Threat Research, Intel Security
Oleksandr Bazhaniuk Advanced Threat Research, Intel Security
Andrew Furtak Security Researcher

In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines. We will also show how a firmware rootkit based on these vulnerabilities could expose secrets within virtual machines and explain how firmware issues can be used for analysis of hypervisor-protected content such as VMCS structures, EPT tables, host physical addresses (HPA) map, IOMMU page tables etc. To enable further hypervisor security testing, we will also be releasing new modules in the open source CHIPSEC framework to test issues in hypervisors when virtualizing hardware.

And that’s just the ‘tip of the iceberg, for talks… Teddy Reed (author of UEFI Firmware Parser) has a talk. Joe FitzPatrick (of SecuringHardware.com) has a talk. There’s a talk on hardware side-channel attacks, one on BadUSB-like security, one on hardware trust, on medical device security, and a few other firmware-related talks, around 31 hits to ‘firmware’ in the schedule! Amongst the Workshops, there are some fun ones, including: ARM for pentesters, and Embedded System Design. In the Villages, the Hardware Hacking Village and the IoT Village sound interesting.

More Information:
https://www.defcon.org/html/defcon-23/dc-23-schedule.html

Tweets by _defcon_

https://plus.google.com/+DefconOrgplus/posts
https://www.defcon.org/html/links/dc-goons.html

SecuringHardware.com courses

June 5, 2015 ~ hucktech ~ Leave a comment

I just became aware of another training resource for hardware security: Portland, Oregon-based Hardware Security Resources, LLC, run by Joe FitzPatrick.

“Before starting SecuringHardware.com, he was a Security Researcher with Intel’s Security Center of Excellence where he conducted hardware penetration testing of desktop and server microprocessors, as well as security validation training for functional validators worldwide.”

I hope I get to see some of this training, the course catalog looks impressive!

More Information:

https://securinghardware.com/course-catalog/