events

Events

Binarly shares firmware security expertise around the world.

Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
August 6-11, 2022
Upcoming
Alex Matrosov, Alex Ermolov, Yegor Vasilenko, Sam Thomas

Summary

Vulnerabilities in System Management Mode (SMM) and more general UEFI applications/drivers (DXE) are receiving increased attention from security researchers. Over the last 9 months, the Binarly efiXplorer team disclosed 42 high-impact vulnerabilities related to SMM and DXE firmware components. But newer platforms have significantly increased the runtime mitigations in the UEFI firmware execution environment (including SMM). The new Intel platform firmware runtime mitigations reshaped the attack surface for SMM/DXE with new Intel Hardware Shield technologies applied below-the-OS.

Read more
Tackling Security Through the Supply Chain
May 17, 2022
Past
Alex Matrosov

Summary

The process of addressing a firmware security issue can be long and complex. This webinar will provide recommendations for moving security updates into the field fast and addresses in detail the release process of typical firmware security fixes, starting from the initial disclosure from third parties to the processes of addressing the issues with the affected firmware and impacted ODM & OEM teams, all the way to public disclosure.

Read more
The firmware supply-chain security is broken. Can we fix it?
May 11, 2022
Past
Alex Matrosov, Alex Ermolov

Summary

Nowadays, it's difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, ​we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

Read more
The firmware supply-chain security is broken. Can we fix it?
March 23, 2022
Past
Alex Matrosov

Summary

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

Read more
UEFI FIRMWARE VULNERABILITIES: PAST, PRESENT AND FUTURE
February 4, 2022
Past
Alex Matrosov, Alex Ermolov, Yegor Vasilenko

Summary

For any device, the supply chain is extremely complex and it plays a significant role in the platform security. The UEFI System Firmware relies heavily on its supply chain with many parties involved, including OBV, IBV, OEM etc. each following their own development lifecycle, mitigations policy and impacting different security models and update delivery timeline for endpoint devices.

Read more
Hunting And Reversing Uefi Firmware Implants
February 7, 2022
Past
Alex Matrosov

Summary

This 4-day course introduces students to real-world attack scenarios on devices powered by UEFI firmware. The course starts from low-level internals of modern operating systems boot process from the perspective of a security researcher interested in bootkits analysis, detection/forensics and vulnerability research. After the OS boot process, the course going down to the firmware, and discuss UEFI architecture and internals with focus on security researcher needs (include common vulnerabilities and design mistakes). The second part of the course focused on UEFI firmware implants (from hardware and firmware perspective), it’s cover threat modeling, attack surface, forensics, and reverse engineering. The course will build a mindset for hunting unknown firmware threats include the supply chain perspective.

Read more
The Evolution Of Threat Actors: Firmware Is The Next Frontier
December 2, 2021
Past
Alex Matrosov

Summary

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

Read more
The firmware supply-chain security is broken: can we fix it?
November 30, 2021
Past
Alex Matrosov, Alex Ermolov

Summary

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. Many of these components, including firmware, are outsourced to ODMs. As a result, this limits the ability of hardware vendors to have complete control over their hardware products. In addition to creating extra supply chain security risks, this also produces security gaps in the threat modeling process. Through this research, ​we wanted to raise awareness about the risks in the firmware supply chain and the complexity of fixing known vulnerabilities.

Read more
Veni, No Vidi, No Vici: Attacks on ETW blind EDRs
November 10, 2021
Past
Claudiu Teodorescu, Igor Korkin, Andrey Golchikov

Summary

Event Tracing for Windows (ETW) is a built-in feature, originally designed to perform software diagnostics, and nowadays ETW is essential for Endpoint Detection & Response (EDR) solutions.

Read more
Blind Spots Of Platform Security: Hardware And Firmware Challenges
November 5, 2021
Past
Alex Matrosov

Summary

Nowadays, it’s difficult to find any hardware vendor who develops all the components present in its products. The big piece of it outsourced to OEM’s includes firmware too. That creates additional complexity and limits to hardware vendors to have full control of their hardware products. That creates not only additional supply chain security risks but also produces security gaps in the threat modeling process by design. In most cases hardware vendors separate threat model and security boundaries for each hardware component present on the platform but in reality, it misses a lot of details which is directly reflected on platform security. In this talk, we will look over the prism hardware and firmware forensics with threat intelligence sauce.

Read more
Glitching RISC-V Chips: MTVEC Corruption For Hardening ISA
August 5, 2021
Past
Alex Matrosov

Summary

RISC-V is an open standard instruction set architecture (ISA) provided under open-source licenses that do not require fees to use. ISA is based on established reduced instruction set computer (RISC) principles. RISC-V has features to increase computer speed, while reducing cost and power use.

Read more
Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
August 4, 2021
Past
Alex Matrosov

Summary

The UEFI ecosystem is very complicated in terms of supply chain security where we have multiple parties involved in the firmware code development like Intel/AMD with its reference code, or AMI, Phoenix and Insyde with its core frameworks for system firmware development. The hardware platform vendor contributes less than 10% to the UEFI system firmware code base from all the code shipped to the customers. The reality is vulnerabilities can be discovered not just in the platform vendor codebase, but inside the reference code. This impact can be worse reflecting on the whole ecosystem. The patch cycles are different across vendors and these vulnerabilities can stay unpatched to endpoints for 6-9 months. Moreover, they can be patched differently between vendors making fix verification difficult and expensive.

Read more
efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
December 9, 2020
Past
Alex Matrosov, Yegor Vasilenko

Summary

Existing UEFI analysis instruments lack systemic approach to firmware vulnerability research focused on specifics of x86-based systems. No publicly known tools available for UEFI firmware vulnerabilities research focused on static analysis. Most of the common reversing tools focused on simplifying some reconstruction routines but not rebuilding the full picture based on firmware image. Previously, researchers have presented some work on statically analyzing UEFI firmware images at scale but more focused on misconfiguration issues (like Secure Boot not enabled or firmware update is not authenticated).

Read more
Static analysis-based recovery of service function calls in UEFI firmware
October 29, 2020
Past
Alex Matrosov, Yegor Vasilenko

Summary

Reversing #UEFI firmware requires a lot of background and knowledge about #firmware and understanding of #hardware before you can start hunting for vulnerabilities. With our new tool, we automatically recover services calls and EFI type info, so that a firmware code looks like original source.

Read more
How Efixplorer Helping To Solve Challenges In Reverse Engineering Of Uefi Firmware
August 19, 2020
Past
Alex Matrosov

Summary

Existing UEFI analysis instruments lack a systemic approach to firmware vulnerability research focused on specifics of x86-based systems. No publicly known tools available for UEFI firmware vulnerabilities research focused on static analysis. Most of the common reversing tools focused on simplifying some reconstruction routines but not rebuilding the full picture based on the firmware image. This webinar will be focusing on the discussion around existing UEFI RE plugins for Ghidra and IDA with an explanation of why we decide to start the work on efiXplorer (https://github.com/binarly-io/efiXplorer), what was missing on existing plugins.

Read more
Hardware Security Is Hard: How Hardware Boundaries Define Platform Security
August 4, 2020
Past
Alex Matrosov

Summary

Nowadays it’s difficult to find any hardware vendor who develops all the components present in their platform. The big piece of it outsourced to OEM’s includes firmware too. That creates additional complexity and limits hardware vendor control under the platform. That creates not only supply chain security risks but also produce security gaps in the threat modeling process by design.

Read more
Hardware Security Is Hard: How Hardware Boundaries Define Platform Security
August 11, 2020
Past
Alex Matrosov

Summary

Nowadays it's difficult to find any hardware vendor who develops all the components present in their platform. The big piece of it outsourced to OEM's includes firmware too. That creates additional complexity and limits hardware vendor control under the platform. That creates not only supply chain security risks but also produces security gaps in the threat modeling process by design.

Read more
Hunting Uefi Firmware Implants
January 22, 2020
Past
Alex Matrosov

Summary

This 3-day course introduces students to real-world attack scenarios on devices powered by UEFI firmware. The course starts from low-level internals of modern operating systems boot process from the perspective of a security researcher interested in bootkits analysis, detection/forensics and vulnerability research. After the OS boot process, the course going down to the firmware, and discuss UEFI architecture and internals with focus on security researcher needs (include common vulnerabilities and design mistakes). The second part of the course focused on UEFI firmware implants (from hardware and firmware perspective), it's cover threat modeling, attack surface, forensics, and reverse engineering. The course will build a mindset for hunting unknown firmware threats include the supply chain perspective.

Read more