System Firmware Attack and Defense for the Enterprise

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders and secure booting. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of system firmware such as legacy BIOS, SMI handlers and UEFI based firmware, mitigations as well as tools and methods available to analyze security of such firmware components. It will also detail protections available in hardware and in firmware such as Secure Boot implemented by modern operating systems against bootkits.

The training includes two parts:

• Present a structured approach to system firmware security analysis and mitigations through lecture and hands-on exercises to test system firmware for vulnerabilities. After the training, students will have basic understanding of platform hardware components, system firmware components, attacks against system firmware, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
• Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks.

Goals

• Learn about system firmware using Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System(BIOS) models.
• Understand attacks against system firmware and corresponding mitigations.
• Perform basic forensics on system firmware.

CLASS REQUIREMENTS

Prerequisites

Understanding of x86 platform hardware and firmware fundamentals is welcome, but not required. A moderate understanding of the Linux command line environment is expected.

Equipment & Tools Used During Training:

Software : Ubuntu Linux* (bootable USB), UEFI Shell and related applications (bootable USB), CHIPSEC (firmware security framework), UEFI Development Tools (Intel® UEFI Development Kit Debugger Tool, UEFI Driver Wizard, …), Miscellaneous Open Source Tools for UEFI (UEFITool, uefi_firmware_parser, RWEverything, …).

All necessary equipment and software necessary will be provided. This includes bootable USB drives, and tools for firmware analysis.

Students should bring a PC laptop with UEFI-based firmware and a UEFI-enabled operating system (ex: Microsoft Windows 10*, macOS*). Students will need to be comfortable booting and running software from the provided USB thumb drives.