We’ll be demonstrated a much more powerful and feature complete release of fwaudit at Black Hat USA in August. We may merge some changes in with the public branch before then - keep an eye on:
PreOS Security is happy to announce the very first release of our GPL firmware security tool firmware audit, aka: fwaudit. You can download it from Github here:
What is a UEFI Plugfest? Organized by the UEFI Forum, plugfests are the biannual events at which stakeholders in the UEFI ecosystem can test the interoperability of their UEFI implementations. This includes everyone from manufacturers, independent BIOS vendors and PCIe card manufacturers to operating system vendors - including open source.
Lee Fisher, our CTO will be speaking at BSides Seattle, which actually takes place in Redmond on the Microsoft campus. Tickets are all sold out, but you can join the waitlist to see if tickets become available.
Brakeing Security has posted the podcast with our interview: http://brakeingsecurity.com/2017-special004-source-conference-seattle-2017
PreOS attended and spoke at SOURCE Seattle 2017 in Bellevue, October 5th & 6th. Lee presented a one-hour summary talk version of our half-day hands-on tutorial on firmware security. Slides are available: https://firmwaresecurity.files.wordpress.com/2017/10/srcsea17.pdf
PreOS attended and spoke at SeaGL 2017 in Seattle October 6th & 7th. Paul presented a version of Lee’s talk at SOURCE Seattle (blog post upcoming) titled “Detecting BadBIOS, Evil Maids, Bootkits, and Other Firmware Malware” https://osem.seagl.org/conferences/seagl2017/program/proposals/374.
<Note: We’re going to try and post a blog entry for major firmware vulnerabilities that impact enterprises, and the recent Intel AMT vulnerability seems like a good place to start.>
I attended LISA 2016 in Boston primarily to staff the exhibit hall booth for the League of Professional System Administrators (LOPSA, http://lopsa.org). While I was there I took advantage of the opportunity to talk to a large number of system and network administrators, devops, system engineers and other IT professionals. Unsurprisingly, as a group USENIX attendees were fairly aware of firmware security issues, and various exploits that have been mentioned at security oriented conferences. More importantly, firwmare level security is seen as an underserved area - a problem without many solutions available.
We are offering a training at [LOPSA Cascadia IT Conference]http://casitconf.org on Friday March 10th in Seattle, titled “Defending System Firmware.”
Lee Fisher will be giving a talk at BSides PDX on Saturday morning, October 15. His talk is in the track “Security & Usability for *Ops” moderated by Marie VanCleave. Lee has presented at BSides PDX before, giving a multi-hour tutorial on various firmware security tools. This year his talk is titled “Firmware tools for Security Researchers.” Be sure and attend to get current information on firmware level tools and how to use them.
The personal blog of our CTO, Lee Fisher will probably be well known to many of you: http://firmwaresecurity.com . All of us, including Lee will be blogging in this space on topics aimed more directly at our customers and and partners.