© recon.cx 2005-2015
  • home
  • conference
  • training
  • schedule
  • cfp
  • sponsors
  • travel
  • archives
  • contact

Recon 2015 Schedule

  • Schedule
  • Speakers
  • Events
  • iCalendar
  • -
  • xCal
  • -
  • XML
  • -
  • JSON


lecture: Attacking and Defending BIOS in 2015

Event_large

In this presentation we will demonstrate multiple types of recently discovered BIOS vulnerabilities. We will detail how hardware configuration is restored upon resume from sleep and how BIOS can be attacked when waking up from sleep using "S3 resume boot script" vulnerabilities. Similarly, we will discuss the impact of insufficient protection of persistent configuration data in non-volatile storage and more. We'll also describe how to extract contents of SMRAM using above vulnerabilities and advanced methods such as Graphics aperture DMA to further perform analysis of the SMM code that would otherwise be protected. Additionally, we will detail "SMI input pointer" and other new types of vulnerabilities specific to SMI handlers. Finally, we will describe how each class of issues is mitigated as a whole and introduce new modules to CHIPSEC framework to test systems for these types of issues.

Info

Day: 2015-06-20
Start time: 10:00
Duration: 01:00
Room: Grand Salon
Track: Main

Links:

  • iCalendar

Speakers

Person_small
Yuriy Bulygin
Person_small
Mikhail Gorobets
Person_small
Andrew Furtak
Person_small
Oleksandr Bazhaniuk
Person_small
Alexander Matrosov
Person_small
Mickey Shkatov