BSidesPDX 2018 Workshop
Lee & Paul will be at BSides PDX 2018 on Fri Oct 26th, giving a hands-on workshop titled “Detecting Evil Maid Firmware Attacks”: https://bsidespdx.org/events/2018/workshops.html#Evil%20Maid
Firmware is software that controls the hardware; firmware-based malware (bootkits, firmworms, etc.) has very low-level system access, even while the system is powered off, and is invisible to most security tools. This workshop gives an introduction to platform firmware security for DFIR professionals responsible for protecting critical infrastructure. It begins with an introduction to the technologies (UEFI, ACPI, SMM, BMC, Redfish, etc.), the threats, available open source tools, guidance and best practices, and the latest NIST firmware security lifecycle guidance. The presentation will cover, and the lab will use, tools like CHIPSEC, UEFITool, UEFIDump, FirmWare Test Suite, ACPIdump, and other open source tools to obtain diagnostic and security information (and ‘blobs’) from the firmware. We will demonstrate how our open source software Firmware Audit (fwaudit) can be used to assist with automation, logging, and forensics, and show our cloud service for storage and centralized analysis. We’ll be using a Linux VM; participants who want to run the workshop labs will need a laptop with VirtualBox installed.
Immediately after the PreOS workshop, Intel will be presenting their workshop on “UEFI and CHIPSEC development for Security Researchers” https://bsidespdx.org/events/2018/workshops.html#Chipsec