Alex Bazhaniuk

Critical vulnerabilities in Virtual Media SW stack in Supermicro BMC (X9-X11) opens servers to remote attack. 47k servers with their BMCs exposed to the Internet and using the relevant protocol.Details at @osfc_io https://osfc.io/talks/common-bmc-vulnerabilities-and-how-to-avoid-repeating-them … Great job @kc8apf https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/ …pic.twitter.com/K24L1IHnSV

Today at 3pm in #defcon2019 Track 1 @jessemichael & @HackingThings will present how vulnerabilities in signed kernel drivers can compomise platform security. Fundamental and reputable issues, many vendors affected: https://www.defcon.org/html/defcon-27/dc-27-speakers.html?utm_content=97300949&utm_medium=social&utm_source=twitter&hss_channel=tw-865342977442430978#Michael …pic.twitter.com/5Emh4m6rbG

We have expanded our training in firmware security to include material centered on best practices and limitations of incident response (IR) and forensics for firmware and hardware of the enterprise devices: https://www.ringzer0.training/system-firmware-attack-defense.html … https://twitter.com/ABazhaniuk/status/1151199381250400256 …pic.twitter.com/dUrWHafiuM

As part of our firmware security training we are providing information on the detection and limitations of implants such as Lojax (form APT28) along with methods for implementing an anti-evasion strategy: https://www.ringzer0.training/system-firmware-attack-defense.html … https://twitter.com/ABazhaniuk/status/1151199381250400256 …pic.twitter.com/tINl7S8Prp

.@jessemichael found 2 critical vulns in Vertiv/Avocent BMC FW which were used by at least 8 OEMs: https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/ … Many systems remain without fixes. None are patched for the lack of signature verification. Using 3rd party code increases attack surface & supply chain riskpic.twitter.com/BQBpja8NaV

We've heavily improved our firmware security training (changed/added 400+ slides)- including new details about ME/AMT vulnerabilities from recent years, new BMC vulnerabilities, & practical exercises in these and other topics: https://www.ringzer0.training/system-firmware-attack-defense.html …pic.twitter.com/reJMiLVqQN

In our latest research we demonstrate hardware/firmware risks with the whole concept of multi-tenancy in the cloud. It is a critical architecture vulnerability with bare metal cloud providers: https://eclypsium.com/2019/01/26/the-missing-security-primer-for-bare-metal-cloud-services/ … #firmware #cloud #baremetal #SoftLayer #BMC #cloudbornepic.twitter.com/N4NPyw8W2q

Our latest research regarding a critical architecture vulnerability with bare metal cloud providers.Attackers may have the ability to install an implant into BMC firmware and persist in cloud infrastructure after deprovisioning: https://eclypsium.com/2019/01/26/the-missing-security-primer-for-bare-metal-cloud-services/ … #firmware #baremetal #cloudpic.twitter.com/nh5NnOqohI

We published a new research about vulnerability in Supermicro BMCs (from X8 to X11 gen) which can be compromised from software to take full control (implant BMC or System Firmware) or even brick a system: https://blog.eclypsium.com/2018/09/06/insecure-firmware-updates-in-server-management-systems/ … with @jessemichael & @HackingThingspic.twitter.com/SKJAvRLI96

Summary of our latest research presented at #BlackHat2018 & #DEFCON conferences: https://blog.eclypsium.com/2018/08/27/uefi-remote-attacks/ … with @HackingThings and @jessemichaelpic.twitter.com/qN2020WjoD

Slides of "UEFI Exploitation for the Masses" #DEFCON26 talk. @HackingThings and @jessemichael showed how to debug exploits in UEFI system firmware: https://github.com/eclypsium/Publications/blob/master/2018/DEFCON26/DC26_UEFI_EXPLOITATION_MASSES_FINAL.pdf …pic.twitter.com/OjdsIkgtiD

Slides of our "Remotely Attacking System Firmware" #Blackhat2018 presentation. We demonstrated 100% reliable RCE exploit in the UEFI system firmware : https://github.com/eclypsium/Publications/blob/master/2018/BlackHat_USA_2018/BH2018_REMOTELY_ATACKING_SYSTEM_FIRMWARE_FINAL.pdf … // with @HackingThings @jessemichaelpic.twitter.com/L4WB8apPry

Don't miss our presentation "Remotely Attacking System Firmware" with @jessemichael & @HackingThings at #BlackHat2018 tomorrow 1:30pm in South Pacific F: https://www.blackhat.com/us-18/briefings/schedule/index.html#remotely-attacking-system-firmware-11588 …pic.twitter.com/ipZ85gjFVE

Awesome presentation with RCE on Cisco ASA: " Robin Hood vs Cisco ASA AnyConnect" from @saidelike at @reconbrx https://recon.cx/2018/brussels/talks/cisco.html …pic.twitter.com/RbVtJ9POQ4

Great talk by @iodboi @bruienne about Mac efi security at #eko13. Awesome research : https://t.co/16OMt2bUL0?amp=1 https://www.ekoparty.org/charla.php?id=798 …pic.twitter.com/URXbPzesQg

. @kutyacica very cool talk about reverse engineering of samsung trustzone at #eko13 : https://www.ekoparty.org/charla.php?id=756 …pic.twitter.com/wSSFXJvWWF

Our #BHUSA slides: Blue Pill for Your Phone - exploiting ARM hypervisor on Snapdragon 808/810 based phones https://github.com/abazhaniuk/Publications/blob/master/2017/BlackHat_USA_2017/us-17-Bazhaniuk-Bulygin-BluePill-for-Your-Phone.pdf … //@c7zeropic.twitter.com/1SQ57olv3G

Slides of our "Fractured Backbone:Breaking Modern OS Defenses with Firmware Attacks" #BHUSA presentation: https://www.blackhat.com/docs/us-17/wednesday/us-17-Bulygin-Fractured-Backbone-Breaking-Modern-OS-Defenses-With-Firmware-Attacks.pdf … // @c7zeropic.twitter.com/cMNiwVsT2z

Wow! Look what i found during BIOS whitelist creation from vendors images: BackDoor modules.Looks interesting. Need more time for RE imagespic.twitter.com/IaIEUsoQpf