REsearch Blog

Innovative Technology Would Not Be Possible Without In-depth REsearch

Firmware Supply Chain Company Binarly Raises $3.6 Million from Westwave Capital, Acrobator Ventures
June 22, 2022
Binarly
Binarly Team

Every startup, like a story, has its own beginning. Binarly started with a simple idea to gain more visibility into firmware through binary code analysis and change the cybersecurity industry’s approach to managing the firmware threat landscape.

FwHunt The Next Chapter: Firmware Threat Detection at Scale
June 2, 2022
Binarly Platform
Binarly Team

Almost a year ago, while describing our company mission and the limitations of available solutions for detecting firmware threats, we discussed our initial vision around binary code inspection for detecting firmware threats and vulnerabilities (See: Why Firmware Integrity Is Insufficient For Effective Threat Detection And Hunting).

Repeatable Failures: AMI UsbRt - Six years later, firmware attack vector still affects millions of enterprise devices
March 21, 2022
Vulnerability Research
efiXplorer Team

A month ago, Binarly’s security research team managed the coordinated disclosure of 16 high-impact vulnerabilities in HP devices and 23 additional security defects impacting major enterprise vendors. In less than a year, Binarly disclosed 42 high-severity vulnerabilities haunting the UEFI firmware ecosystem, all serious enough to cause arbitrary code execution in System Management Mode (SMM).

Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered in HP Devices
March 8, 2022
Vulnerability Research
efiXplorer Team

Today, Binarly’s security research lab announced the discovery and coordinated disclosure of 16 high-severity vulnerabilities in various implementations of UEFI firmware affecting multiple enterprise products from HP, including laptops, desktops, point-of-sale systems, and edge computing nodes.

An In-Depth Look at the 23 High-Impact Vulnerabilities
February 1, 2022
Vulnerability Research
efiXplorer Team

In our previous blog, “The Firmware Supply-Chain Security is broken: Can we fix it?”, we delved deep into the challenges of the firmware ecosystem by introducing the supply chain "race condition" paradigm.

A deeper UEFI dive into MoonBounce
January 21, 2022
MoonBounce
Binarly Team

Several months after uncovering FinSpy, an APT threat targeting UEFI bootloaders, Kaspersky Lab released a new report on the morning of January 20th, 2022 describing its latest discovery: a very interesting UEFI firmware threat dubbed MoonBounce.

The Firmware Supply-Chain Security is broken: Can we fix it?
December 27, 2021
Binarly Platform
Binarly Team

At the beginning of December, Binarly was very active in spreading the word about the problems in the firmware supply chain ecosystem at multiple security conferences. Alex Matrosov, the Binarly CEO, gave a keynote entitled “The Evolution of Threat Actors: Firmware is the Next Frontier” at the AVAR conference, in which he focused on the evolving threats coming from historically overlooked places below the operating system.

Design issues of modern EDRs: bypassing ETW-based solutions
November 15, 2021
Black Hat
Binarly Team

As experts in firmware security, the Binarly team is frequently asked why endpoint solutions can’t detect threats originating below the operating system, such as firmware implant payloads. Unfortunately, the problem requires a more complex approach, and the modern architecture of Endpoint Detection & Response (EDR) solutions is weak against generic attack patterns.

Detecting Firmware vulnerabilities at scale: Intel BSSA DFT case study
September 14, 2021
FwHunt
Binarly Team

In our previous two blogs, Firmware Supply Chain is Hard(coded) and Attacking (pre)EFI Ecosystem, we described in detail four high severity vulnerabilities that impacted the UEFI system firmware and put a large number of enterprise devices at high risk.

Attacking (pre)EFI Ecosystem
September 10, 2021
Black Hat
Binarly Team

At Black Hat USA 2021, Binarly CEO Alex Matrosov jointly presented with Nvidia security researchers Alex Tereshkin and Adam 'pi3' Zabrocki their findings in the “Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)” talk, highlighting five high severity vulnerabilities that affected the whole UEFI ecosystem.

Firmware Supply Chain is Hard(coded)
August 20, 2021
Black Hat
Binarly Team

At Black Hat USA 2021, Binarly CEO Alex Matrosov jointly presented with Nvidia security researchers Alex Tereshkin and Adam 'pi3' Zabrocki their findings in the “Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)” talk, highlighting five high severity vulnerabilities that affected the whole UEFI ecosystem.

The list of highest-rated books for Malware Analysts features “Rootkits and Bootkits”
August 12, 2021
Rootkits and Bootkits
Binarly Team

Today we are pleased to announce that "Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats" book by Alex Matrosov, Eugene Rodionov and Sergey Bratus has been featured in the Highest-Rated Books for Malware Analysts Available on Amazon.

Why Firmware Integrity is Insufficient for Effective Threat Detection and Hunting
August 2, 2021
Threat Hunting
Binarly Team

Currently, integrity checking is the standard methodology for firmware security validation and threat detection. This article details the different scenarios where firmware integrity is necessary, but insufficient from the threat analysis and incident response perspective.

Breaking through another Side: Bypassing Firmware Security Boundaries
July 14, 2021
UEFI
Alex Matrosov

This blog post describes my joint research with Alexandre Gazet that culminated with us presenting the “Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller” talk (slides) at the Black Hat 2019 conference in Las Vegas. Our REsearch focused on embedded controller security and the Intel BIOS Guard technology implementation in the Lenovo ThinkPad BIOS, and took around 5 months of our spare time.

Who Watches BIOS Watchers?
July 12, 2021
UEFI
Alex Matrosov

At the last Black Hat event in Vegas, I presented the first publicly known concept of an attack on a specific implementation of Intel Boot Guard technology, a technology that is mostly undocumented. While I was working on this research, one thought bothered me: the specification of a technology can be almost perfect, but after all, the implementation part is done by third parties, and it is challenging to maintain a proper level of security in this case. Intel Boot Guard is an excellent example of a complex technology where there are places where making a small mistake allows an attacker to bypass the security of the entire technology.
