Exploring Your System Deeper [with CHIPSEC] is Not Naughty

More documents

Recommendations

Info

6 Why Attack Firmware? ‣ Getting extreme pers<strong>is</strong>tence ‣ Getting stealth ‣ Bypassing OS or VMM based security ‣ Having unobstructed access to hardware ‣ OS independent ‣ Making the system unbootable
Some In-the-wild Firmware Attacks ‣ Mebromi BIOS rootkit ‣ EQUATION Group HDD firmware malware ‣ ] Hacking Team [ UEFI rootkit ‣ Vault 7 Mac EFI implants (DerStarke/DarkMatter, Sonic Screwdriver)
Page 1 and 2: Exploring Your System Deeper [with
Page 3 and 4: Intro to firmware security
Page 5: Firmware Everywhere ‣ GBe NIC, Wi
Page 9 and 10: Finding Vulnerabilities in System F
Page 11 and 12: Example: exploiting flash protectio
Page 13 and 14: Testing S3 Vulnerabilities ‣ Vali
Page 15 and 16: Vulnerabilities in SMM of UEFI Firm
Page 17: Finding SMM “Pointer” vulnerabi
Page 20 and 21: Example: MMIO BAR Issues in Coreboo
Page 22 and 23: Monitoring changes in USB MMIO BAR
Page 24 and 25: Windows 10 Virtualization Based Sec
Page 26 and 27: Checking Hardware Protections
Page 28 and 29: Example: SMM Protections - Memory S
Page 30 and 31: Integrated Graphics Aperture Access
Page 32 and 33: Finding “Problems” With the Fir
Page 34 and 35: ]HackingTeam[ UEFI Rootkit
Page 36 and 37: ]HackingTeam[ UEFI Rootkit • The
Page 38 and 39: PoC SmmBackdoor by Dmytro Oleksiuk
Page 40: Where to Start From? Firmware Acqui
Page 43 and 44: Generating Whitelist… chipsec_mai
Page 45 and 46: Verifying Mac EFI whitelist on Mac
Page 47 and 48: Blacklist Example (in JSON format)
Page 49 and 50: Extracting EFI Executables from UEF
Page 51 and 52: Tools Other great tools to extract
Page 53 and 54: Firmware Artifacts 8. Settings stor
Page 55 and 56: Extracting EFI Configuration (on a
Page 57 and 58:
Locating UEFI System Table & Runtim
Page 59 and 60:
Locating ACPI Tables… chipsec_uti
Page 61 and 62:
Fuzzing and exploring hypervisors
Page 63 and 64:
Example: Crashing Xen Host by Unpri
Page 65 and 66:
Issues in MSR Hypervisor Emulation
Page 67 and 68:
Example: VENOM Vulnerability VENOM
Page 69 and 70:
Example: Dom0 to Xen Exploit via S3
Page 71 and 72:
Extracting VMM Artifacts: Extended
Page 73:
Thank You!
show all

Exploring Your System Deeper [with CHIPSEC] is Not Naughty

Create successful ePaper yourself

Delete template?

Save as template?