Medijski sadržaj
- Tweetovi
- Tweetovi i odgovori
- Medijski sadržaj, trenutna stranica.
-
Our
#BHUSA talk recording "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" is up! https://youtu.be/g-1Y466rDaI EC issue we found has a bigger impact from what we expected in the beginning https://support.lenovo.com/us/en/product_security/len-27764 … -
Cool research, demonstrate the problem of infinite trust to TPM. OS bootloaders don't have direct access to TPM, hooking EFI_TCG_PROTOCOL from custom bootloader can intercept a lot of sensitive info. Btw impacted vendors by
#BitLeaker based on AMI code ;-) https://twitter.com/kkamagui1/status/1202537831492661254 …pic.twitter.com/fRwc1Cnquc
-
A lot of cool stuff coming in our talk "Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller" at
#BHUSA Include interesting relations between EC and BIOS Guard. Also BG script interpreter located inside ACM module https://www.blackhat.com/us-19/briefings/schedule/index.html#breaking-through-another-side-bypassing-firmware-security-boundaries-from-embedded-controller-15902 …pic.twitter.com/Yf6pE0bgM0
-
My keynote slides "The Advanced Threats Evolution: REsearchers Arm Race" from
#OFFZONE released! The golden age of FW/HW implants is happening right now!! Honestly preparing these slides took more time than my usual research presentations :-) https://github.com/REhints/Publications/blob/master/Conferences/OFFZONE'2019/offzone2019_keynote_public.pdf …pic.twitter.com/kR2tJ36k2T
-
Embedded Controller (EC) is simple microcontroller in every laptop. Its update verification (if exist) in most of the cases happens outside of EC but for update process (read/write/erase) responsible EC itself. Only I see this critical security design issue? Stay tuned!
#BHUSApic.twitter.com/U5QCsHWGfL
-
Just received my ”Bootkits and Rootkits” copy :-) Looked on Ch15 ”Contemporary UEFI Bootkits” and Ch16 ”UEFI Firmware Vulnerabilities” on paper. It’s really impressive how much valuable information we packed only in those two chapters. Stay tuned http://bootkits.io is up!pic.twitter.com/SqS2P1vl90
-
Slides "Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software" from
#BHASIA and#OPCDE2019 released! Lenovo keeps manufacturing mode Boot Guard "backdoor" to unlock DXE volume for arbitrary modifications. It fully breaks Secure Boot! https://github.com/REhints/Publications/blob/f1f305eff156267e194e941d32caf7cc2bfc053b/Conferences/Bypassing%20Hardware%20Root%20of%20Trust/BHASIA2019_matrosov_final.pdf …pic.twitter.com/GQVUPMD5fB
-
In 2012
@vxradius and myself have been done REconstruction of Flame framework to represent it as object-oriented platform https://www.welivesecurity.com/2012/08/02/flamer-analysis-framework-reconstruction/ … In the same time we figured out the relations between Stuxnet/Duqu/Flame as the unified development platform https://www.welivesecurity.com/2012/07/20/flame-in-depth-code-analysis-of-mssecmgr-ocx/ …pic.twitter.com/VhZc3N3YfM
Prikaži ovu nit -
All Computrace options Enable/Disable/Permanent Disable implemented fully in software over SMM drivers with LenovoSecuritySmiDispatcher orchestration (presented on
#offensivecon19) Basically "Permanent Disable" option is a joke and can be reactivated any time. Stay tuned!#BHASIApic.twitter.com/8ZJneLw6So
-
My
@offensive_con talk "Attacking Hardware Root of Trust from UEFI Firmware" on the next week. This research will also include the details of activation/deactivation Computrace/Lojack from OS without access to BIOS setup. It's no real option exist for permanent disabling!pic.twitter.com/jMgRAgKYZT
-
In "UEFI vulnerabilities classification focused on BIOS implant delivery", I try to create some sort of classification of different practical methods for UEFI firmware attacks with the final goal of persistent or non-persistent implant installation. https://medium.com/@matrosov/uefi-vulnerabilities-classification-4897596e60af …pic.twitter.com/jaaDyljsuN
-
New technique to bypass Intel Boot Guard implementation over PEI Loader specifics and not protected by Initial Boot Block PEI Raw file (can be modified). EDKII or AMI PEI Loader don't have authentication It's loads any discovered files with PE header in PEI section
@offensive_conpic.twitter.com/wc6AYb10Lg
-
Everybody cares about signed BIOS updates. When other firmwares like Intel Embedded Controller (EC) can get FW updates without any authorization on some recent hardware. EC have RW access to SPI flash storage and other interesting stuff for rootkits.
@offensive_conpic.twitter.com/D9Ww2AfpRu
-
It's a pleasure to be on
#ZeroNights stage again. This time for open the conference :)pic.twitter.com/A7nlrmzhRw
-
New release of UEFITool with support of visual validation coverage of Intel Boot Guard. https://github.com/LongSoft/UEFITool/commit/68df5a64a32c5283e0c939ba57b7bae62fff6de1 …pic.twitter.com/5FH8cML4jS
-
The video "The UEFI Firmware Rootkits: Myths and Reality" from
#BHASIA released! Include demo from docx to SMM :-)https://www.youtube.com/watch?v=P3yMXspLzoY … -
Nice! Lenovo patched my CVE-2017-3753 (SMM Privilege Escalation) which is affect all AMI-based Lenovo hardware. https://support.lenovo.com/us/en/product_security/LEN-14695 …pic.twitter.com/2nlCar1RsP
-
S3 rootkits coming! Just dropped a bomb for Intel Boot Guard (AMI version) about weak verification for transition PEI to DXE on sleep (S3)pic.twitter.com/cwKYCIhf6D
-
New
#ZeroNights art is amazing! CFP will be open shortly. Don't forget to submit. See you there in November ;) https://2017.zeronights.org/ pic.twitter.com/DneJ5iUxMh
-
Great RE stuff "Intel ME: The Way of Static Analysis" by
@_Dmit#TR17 blog: http://blog.ptsecurity.com/2017/04/intel-me-way-of-static-analysis.html … video:https://youtu.be/2_aokrfcoUk
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.