Announcing one of many training tracks being scheduled for the Maritime and Control Systems Conference-#hacktheport2022

Hack The Building by MISI

Firmware Security Foundations by Eclypsium, Inc.

A variety of attacks targeting firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as UEFI, SMM, Intel ME, BMC, OS boot loaders and secure booting.

This training session (1day) will organize and discuss details of the objectives, attack vectors, vulnerabilities and exploits against various types of firmware, review mitigations as well as tools and methods available to analyze security of the firmware components.

It will also detail protections available in hardware and in firmware such as Secure Boot, Hardware Root of Trust implemented by modern operating systems against bootkits.

The training is done in two parts:

● A structured approach to security analysis of different types of firmware and mitigations through a lecture and hands-on exercises to test different firmware for vulnerabilities.

After the training, students will have basic understanding of platform hardware components, firmware components, attacks against different types of firmware, and available mitigations.

Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.

● Apply concepts to an enterprise environment.

Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks.

Attendees will perform assessments and basic forensic analysis of potential firmware attacks.

Prerequisites

● Understanding of x86 platform hardware and firmware fundamentals is welcome, but not required

● A moderate understanding of the Linux command line environment is expected.

Equipment & Tools Used During Training:
● Learn about UEFI, SMM, Intel ME, BMC firmware.

● Understand attacks against different types of firmware and corresponding mitigations.

● Perform basic cybersecurity actions for firmware.

● Software : Ubuntu Linux* (bootable USB), Miscellaneous Open Source Tools for UEFI (UEFITool, uefi_firmware_parser, RWEverything, …).

● Students should bring a PC laptop with UEFI-based firmware and a UEFI-enabled operating system (ex: Microsoft Windows 10*, macOS*). Students will need to be comfortable booting and running software from the provided USB thumb drives.

Instructor:
Eclypsium, Inc. ‘s Chuck Tran