Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced x86: BIOS and System Management Mode Internals Introduction

Published byCatherine Tate Modified over 8 years ago

Similar presentations

Presentation on theme: "Advanced x86: BIOS and System Management Mode Internals Introduction"— Presentation transcript:

1 Advanced x86: BIOS and System Management Mode Internals Introduction
Xeno Kovah && Corey Kallenberg LegbaCore, LLC

2 All materials are licensed under a Creative Commons “Share Alike” license.
Attribution condition: You must indicate that derivative work "Is derived from Xeno Kovah's ’Introductory Intel x86: Assembly, Architecture, and Applications’ class" Attribution condition: You must indicate that derivative work "Is derived from Xeno Kovah & John Butterworth's ’Advanced Intel x86: BIOS and System Management Mode Internals"

3 Welcome x86 Machine Masters!!!
You are here!

4 “With great power loader suit, comes great responsibility”
US VS THEM! “With great power loader suit, comes great responsibility”

5 r0x0r Skill Tree Required Recommended Approved Intended Future
"PC deep system security & trusted computing" Recommended Approved Intended Future Intro Trusted Computing 2 day, Ariel Segall Intel SGX 2 day, Xeno Kovah Advanced x86: BIOS & SMM (System Management Mode) 2 day, John Butterworth YOU ARE HERE Advanced x86: Trusted Execution Technology (TXT) 2 day, Xeno Kovah Advanced x86: Virtualization 2 day, David Weinstein Intermediate x86 2 day, Xeno Kovah Stealth Malware 2 day, Xeno Kovah YOU TOOK THIS RIGHT? Intro x86-64 2 day, Xeno Kovah Life of Binaries 2 day, Xeno Kovah

6 About Us We do digital voodoo :)
Full time security researchers at MITRE since 2007 Leading and working on our own research ideas since 2009 Basically a bunch of people propose ideas, some get selected, and they get funded from overhead money (i.e. not paid for or directed by government funds) Started out working on trustworthy Windows kernel rootkit detection via memory integrity checking & timing-based attestation (“Checkmate”) Eventually got interested in BIOS/SMM level threats, and started working on them in earnest around 2011 By 2012, had our first custom extra-security BIOS based on our previous work By 2013, had our first BIOS exploit and a BIOS vulnerability/integrity checker (Copernicus) By 2014, had *lots* of BIOS exploits and a slightly more trustworthy Copernicus 2 Formed the LegbaCore security consultancy in Jan. 2015 Continue to specialize in low level security, from the Windows kernel and lower Papa Legba Hear My Call!

7 About Us Conferences, we’ve spoke at a few:
BlackHat USA , BlackHat EUR 2014, IEEE S&P 2012, ACM CCS 2013, Defcon 2012 & , CanSecWest , PacSec 2013, Hack in the Box KUL , Hack in the Box AMS , Microsoft BlueHat 2014, Syscan 2013, EkoParty 2013, BreakPoint & RuxCon , Shmoocon 2012, , Hack.lu , NoSuchCon 2013, SummerCon 2014, ToorCon 2013, DeepSec 2014, VirusBulletin 2014, MIRCon 2014, AusCERT 2014, Trusted Infrastructure Workshop 2013, NIST NICE Workshop 2013, DOD Information Assurance Symposium 2013, and MTEM 2013 Papa Legba Hear My Call!

8 About You What is your name?
(What do you want/hope to get out of the class?) Did you watch any of the prerequisite classes? :P Do you know C? What is your typical day-to-day job?

9 Course Goals Provide you a basic background in BIOS technologies
Very few people know anything about it. Knowledge is power :) Convince you that having unlocked BIOS is a really bad thing that can adversely affect the entire system during runtime Show you how to measure and interpret the results to understand if and how a system BIOS may be vulnerable Provide you a lot of hands-on examples when possible so you can “see” the effects Its such an abstract topic that provides very little visibility, I have sought to lift this veil Convince you that this problem IS solvable! Especially the information which we cover over these 2 days Introduce you to some forensics tools that can not only help you analyze and interpret whether a system BIOS is vulnerable, but also introduce you to some methods to analyze changes if you think a BIOS has been compromised There is still a lot of work to be done on the latter

10 Course Outline Day 1 BIOS Introduction Chipset basics
How to identify a chipset Boot process Overview Reset vector & BIOS Operating Environment PCI PCI Option ROM attacks System Management Mode (SMM) SMM attacks

11 Course Outline Day 2 BIOS flash (Serial Peripheral Interface (SPI) mostly) Flash chip access control vulnerabilities Introduction to UEFI Secure Boot & Measured Boot Forensic analysis of UEFI BIOS Reverse engineering BIOS files Trusted Computing technologies to try and detect BIOS attackers

Download ppt "Advanced x86: BIOS and System Management Mode Internals Introduction"

Similar presentations

Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang Department of Computer Science, North Carolina State University Xiaolan Zhang IBM T.J. Watson Research.

Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang Department of Computer Science, North Carolina State University Xiaolan Zhang IBM T.J. Watson Research.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
#RSAC SESSION ID: Xeno Kovah Corey Kallenberg Are you giving firmware attackers a free pass? HTA-F02 CTO & Co-Founder LegbaCore, CEO & Co-Founder.

#RSAC SESSION ID: Xeno Kovah Corey Kallenberg Are you giving firmware attackers a free pass? HTA-F02 CTO & Co-Founder LegbaCore, CEO & Co-Founder.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
1 i206: Distributed Computing Applications & Infrastructure 2012

1 i206: Distributed Computing Applications & Infrastructure 2012
PREVIOUS GNEWS. 11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-018 - IE, Remote Execution.

PREVIOUS GNEWS. 11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS IE, Remote Execution.
Information flow inside the computer IT skills: none IT concepts: computer components (input devices, output devices, memory, storage and CPU), program.

Information flow inside the computer IT skills: none IT concepts: computer components (input devices, output devices, memory, storage and CPU), program.
Presented by Boris Yurovitsky

Presented by Boris Yurovitsky
U-Boot Debug using CCSv5 In this session we will cover fundamentals necessary to use CCSv5 and a JTAG to debug a TI SDK-based U-Boot on an EVM platform.

U-Boot Debug using CCSv5 In this session we will cover fundamentals necessary to use CCSv5 and a JTAG to debug a TI SDK-based U-Boot on an EVM platform.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Host and Application Security Lesson 4: The Win32 Boot Process.

Host and Application Security Lesson 4: The Win32 Boot Process.
Administering Windows 7 Lesson 11. Objectives Troubleshoot Windows 7 Use remote access technologies Troubleshoot installation and startup issues Understand.

Administering Windows 7 Lesson 11. Objectives Troubleshoot Windows 7 Use remote access technologies Troubleshoot installation and startup issues Understand.
Training Security Nerds: Computum deos ab hominibus Xeno Kovah.

Training Security Nerds: Computum deos ab hominibus Xeno Kovah.
Introduction to Programming. Objectives Look at why we write programs Describe some things it takes to learn to be a programmer Discuss some important.

Introduction to Programming. Objectives Look at why we write programs Describe some things it takes to learn to be a programmer Discuss some important.
Cybersecurity nexus (CSX)

Cybersecurity nexus (CSX)
1 UCR Firmware Attacks and Security introduction.

1 UCR Firmware Attacks and Security introduction.
Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Similar presentations

Ads by Google