papers.put.as

A collection of papers and presentation slides related to macOS, iOS, and (U)EFI Firmware.

Firmware

-=[ Getting into the SMRAM: SMM Reloaded ]=-

year 2009
by Loic Duflot, Olivier Levillain, Benjamin Morin and Olivier Grumelard
at CanSecWest
type slides
hash 45dc5f12bcb871d0ae34849338faa056ca2f0921994fedd48aa2d32edee2093c

-=[ Following the White Rabbit: Software attacks against Intel VT-d technology ]=-

year 2011
by Rafal Wojtczuk, Joanna Rutkowska
at n/a
type paper
hash 362d7d5f849df2806837b403338dd7a551af124b1edd86c8ba4c9a6b9c696e5a

-=[ New Results for Timing-Based Attestation ]=-

year 2012
by Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth
at 2012 IEEE Symposium on Security and Privacy
type paper
hash b4d43b10d24309eb7d3f933074a6130fdc49802254d6ff7787d72e2c1a163dc8

-=[ No More Hooks: Trustworthy Detection of Code Integrity Attacks ]=-

year 2012
by Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth
at Def Con
type slides
hash 229c5fc6ef522a0b6e4f891df9bdd3c0f01fec396319a288c07e4b90929ee551

-=[ Rootkit in your laptop: Hidden code in your chipset and how to discover what exactly it does ]=-

year 2012
by Igor Skochinsky
at Breakpoint
type slides
hash 079e0073022a35db5974be6ad7725f14dc7fe979d5fb2b1d1000ea0260b50128

-=[ BIOS Chronomancy: Fixing the Core Root of Trust for Measurement ]=-

year 2013
by John Butterworth, Xeno Kovah, Corey Kallenberg
at BlackHat
type slides
hash f571851e5a2d60c8181b7c1d1ad2def9ced5baf7472b5faef1f1c0fc6666ad06

-=[ Problems with the Static Root of Trust for Measurement ]=-

year 2013
by John Butterworth, Xeno Kovah, Corey Kallenberg
at BlackHat
type paper
hash 1a68614164f5a33359981c5efd0795ccade1b0e7fe50fcd535b7b8f086a42d1c

-=[ BIOS Chronomancy: Fixing the Core Root of Trust for Measurement ]=-

year 2013
by John Butterworth, Xeno Kovah, Corey Kallenberg
at n/a
type paper
hash 989db5551594501186a5d0cc0cdbfeff2e0851aff0dee06062f6db35089ecd6d

-=[ You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger ]=-

year 2013
by Evangelos Ladakis, Lazaros Koromilas, Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis
at Eurosec
type paper
hash 15caef13a95433b62e5eb9fcd34a6f6276fd8d96745e968be8f6c7d746369ccc

-=[ All Your Boot Are Belong To Us ]=-

year 2014
by Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides
at CanSecWest
type slides
hash eefa6cf1a9efab64faa50e1d6e828060ba000956ba3462c68df15575c7a9dcab

-=[ All Your Boot Are Belong To Us ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at CanSecWest
type slides
hash 11904c6bc0119b2ef52a1ec042eaf0b7d4175892f05825b9d1f6b7b722ce319d

-=[ Attacks on UEFI Security ]=-

year 2014
by Rafal Wojtczuk, Corey Kallenberg
at CCC
type slides
hash cb5c7717c5911cf65025873f06ba0fd6e0ac9040bd67d317ef5ae79fc53166c0

-=[ Attacking UEFI Boot Script ]=-

year 2014
by Rafal Wojtczuk, Corey Kallenberg
at CCC
type paper
hash 9bb5d00e7b2b9f5299e4de7f1411582e57af86730cfa3634d16437cfab7d332a

-=[ Copernicus 2: SENTER the Dragon! ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at CanSecWest
type slides
hash 32039a1e96b3f633a8f3d19ee7f3805a2220e7e7065677433bcfe7d8cce37256

-=[ SENTER Sandman: Using Intel TXT to Attack BIOSes ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at HITB
type slides
hash c16b5fdd17cb029f3086aa3003d66c6b90c873964e140ef9ec694b80e425ee29

-=[ SENTER Sandman: Using Intel TXT to Attack BIOSes ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at HITB
type paper
hash ac136c000ba552443cf5ce85680171c2584bad27497cebee0df18d1ee4dd1b5e

-=[ Defeating Signed BIOS Enforcement ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at n/a
type paper
hash 5cc227aa723f80a76ea6b01b570ad447a3152f72975e8e345c2d4a3bb754ec72

-=[ Analyzing UEFI BIOS from Attacker & Defender Viewpoints ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat EU
type slides
hash 814db05500758f80291d2558640e2f285446646a0f2769b73c52d92735792c55

-=[ Into the Unknown: How to Detect BIOS-level attackers ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at VB
type slides
hash ccae135892bf59d199e92d9ff47c95740486d303dd2039ce340067936cc0ffe6

-=[ Into the Unknown: Assessing your BIOS vulnerabilities ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at MIRcon
type slides
hash 4f08ac02d9b483b8e19ee99c0bc848a079a92614426600d211a832e7e0694a69

-=[ Extreme Privilege Escalation on Windows 8/UEFI Systems ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat
type slides
hash 187dad978e58da4671eda9d02d93a7ad9aa91c43211da452c0441852ccfee28b

-=[ Extreme Privilege Escalation on Windows 8/UEFI Systems ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat
type paper
hash 380de0008a76edb9c1889604c76a67c63b3217f7142b95c3cdbfccf25dd9a702

-=[ Setup For Failure: Defeating Secure Boot ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at SyScan Singapore
type slides
hash ac43c17c386a31065a6466522c5360909bc06f4adbd0d8f57855d894bb62cffb

-=[ Setup For Failure: Defeating Secure Boot ]=-

year 2014
by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at SyScan Singapore
type paper
hash f5acaedd54e18f091e0a20f78a6c5e666367f74d7b1f7f21c24c1c6875c7da56

-=[ The SMM Rootkit Revisited: Fun with USB ]=-

year 2014
by Joshua Schiffman, David Kaplan
at n/a
type paper
hash 6e30c5fb0ad40f820eb9c20ed3e2daea287a82436f3d15fe2fcfa291c58c8673

-=[ Building A UEFI Security Test Strategy ]=-

year 2014
by Kevin Davis
at UEFI Plugfest
type slides
hash 8c634356e33cae9e474ee47d7c9d5bad097fbf3c86ef9d92e549dfdf4edd6b82

-=[ Intel ME: Two Years Later ]=-

year 2014
by Igor Skochinsky
at Breakpoint
type slides
hash 1c9ee215fb2c35318695fe0011a0d74687e7cbeefa9da0e5c0380a5acdc862f6

-=[ Intel ME: Two Years Later (less slides) ]=-

year 2014
by Igor Skochinsky
at Breakpoint
type slides
hash c37095cf1063013e75c63a31aa960f186956b18db4477dd43d4c76e22188700d

-=[ Intel ME Secrets: Hidden code in your chipset and how to discover what exactly it does ]=-

year 2014
by Igor Skochinsky
at RECon
type slides
hash bddd50a944460623cc57a69e130f9d0078d1433ed2844d0239409e185e354860

-=[ BIOS Necromancy: Utilizing “Dead Code” for BIOS Attacks ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at HITB GSEC
type slides
hash 420943b6e8247eaba14815b394a0bc1b4c1298ce8f86b88d91f46403796faa59

-=[ Betting BIOS Bugs Won’t Bite Y’er Butt? ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at ShmooCon
type slides
hash a746a0edf6a085e9331f969fe6f8ffde29956e2023a86e37f6eb0b0573bc1031

-=[ How Many Million BIOSes Would you Like to infect? ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at CanSecWest
type slides
hash e2124f7e04e371e88d3556023f85df089a1fa3c0137815a1fc5b387d322fede3

-=[ How Many Million BIOSes Would you Like to infect? ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at CanSecWest
type paper
hash 2fb8cc51d6f3b00bc81b359ee9b2b9b193fefa205c3cbd6685a3827ee5adf029

-=[ Are you giving firmware attackers a free pass? ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at RSA
type slides
hash c0606390b284a80d6e980c4a51f81cc8c6b52043db3d392b1d54eaeb6f8f9476

-=[ Fix it yourself - detecting and fixing UEFI firmware vulnerabilities without access to it’s source code ]=-

year 2015
by Nikolaj Schlej
at ZeroNights
type slides
hash a9be6640a6708eae943e96ed492c9ecd68525955fb16e881953fea3119cdd0d8

-=[ Attacking Hypervisors via Firmware and Hardware ]=-

year 2015
by Alex Matrosov, Mikhail Gorobets, Oleksandr Bazhaniuk, Andrew Furtak, Yuriy Bulygin
at ZeroNights
type slides
hash 6ebcda27e0d1e894f0c08b88cc0e884797c826dc993589a0b83cdf191cef3f0a

-=[ Beyond Anti Evil Maid - Protecting hardware from early boot attacks ]=-

year 2015
by Matthew Garrett
at 32c3
type slides
hash 9cb86cf6334ea2aa88d1bc785df1d80075cd2898fb533f3d6d3ad74bbb47535e

-=[ State considered harmful - A proposal for a stateless laptop ]=-

year 2015
by Joanna Rutkowska
at n/a
type paper
hash bf7462dcf5f30811168e90d82adde9f88137c84818df0e9601f88b025a8a3b49

-=[ Attacking and Defending BIOS in 2015 ]=-

year 2015
by Oleksandr Bazhaniuk, Yuriy Bulygin
at RECon
type slides
hash 02ab1b9bf9dec91b2fb4f9a0493b8fbfbf59effa976ba5b676a49d214b144813

-=[ Attacking Hypervisors via Firmware and Hardware ]=-

year 2015
by Alex Matrosov, Mikhail Gorobets, Oleksandr Bazhaniuk, Andrew Furtak, Yuriy Bulygin
at BlackHat
type slides
hash 9172edb64e445e7ff5f273ab82861eb3ebb0e0d382fb6de43e56b008017a6c42

-=[ How Many Million BIOSes Would you Like to infect? ]=-

year 2015
by Corey Kallenberg & Xeno Kovah
at HITB
type slides
hash 723dc5f878df6f8aeb0ca3d7104699b3689c3f7e407a38b60001ee88e3659d3a

-=[ UEFI Firmware – Securing SMM ]=-

year 2015
by Dick Wilkins
at UEFI Spring Plugfest
type slides
hash f5553b46f16e112689c9b626b4863afcbdf4197a2da14f1f50a52c3fe45f4f9b

-=[ Bypassing Secure Boot using Fault Injection ]=-

year 2016
by Niek Timmers, Albert Spruyt
at BlackHat Europe
type slides
hash a6050b29daa6a4ec665da07cc787494905587c389bb92ae609646d4299235d9a

-=[ Firmware Biopsy ]=-

year 2016
by tweek
at Ruxcon
type slides
hash 7534e759ba30086bff8cb51a8cc274f999dc4009e9403de94a280428ffc40c95

-=[ UEFI Firmware Rootkits: Myths and Reality ]=-

year 2016
by Alex Matrosov, Eugene Rodionov
at H2HC
type slides
hash 5d78dbbcd39e3f34fe11098a2cf2eb531a01846c7e3a18ed038405cf87c73400

-=[ How to Become the Sole Owner of Your PC ]=-

year 2016
by Maxim Goryachy, Mark Ermolov
at n/a
type slides
hash c650559d037fa36896e5226d12b9437ea1936c21ff7cc0306cda8f6a974daa42

-=[ Safeguarding rootkits: Intel BootGuard ]=-

year 2016
by Alexander Ermolov
at ZeroNights
type slides
hash 4d0fb7ef73cc9e886965d0abc84a462fa19e735e96f3b0e83f8de228a12c4d7f

-=[ Safeguarding rootkits: Intel BootGuard part 2 ]=-

year 2016
by Alexander Ermolov
at Defcon Russia
type slides
hash f5067e4203f34c10ddad7fd828ad624cecd184611367715a93cb4a71641ebb45

-=[ Introduction to Reversing DXE drivers ]=-

year 2016
by Bruno Pujos
at n/a
type slides
hash c2cbecb15acbf08cb4ce698ef6db0db5a4834da15b5a3c6be7812704f4650bf2

-=[ UEFI Firmware Rootkits: Myths and Reality ]=-

year 2017
by Alex Matrosov, Eugene Rodionov
at BlackHat Asia
type slides
hash 92b0c593f8f6ab832d420dce2ba450a362e041025266c433c6a6a9b3cce01d26

-=[ BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING ]=-

year 2017
by Alex Matrosov
at BlackHat
type slides
hash 09233c0bae36d57900089cd79c1466e3fc9a8e3a75051d82b3fbb38bc45b18d4

-=[ BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING ]=-

year 2017
by Alex Matrosov
at H2HC
type slides
hash 3dd2b7e8009143908cea1dbc0970a5136483ba5fe5b04f5f2a5b5a666a30d0c3

-=[ BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING ]=-

year 2017
by Alex Matrosov
at ZeroNights
type slides
hash 90709e433da72e8f3e4662c48db7999a2327fab425f7dcf5f6676b2df313f733

-=[ INTEL AMT. STEALTH BREAKTHROUGH ]=-

year 2017
by Dmitriy Evdokimov, Alexander Ermolov, Maksim Malyutin
at BlackHat
type slides
hash 4afbc47ceff801e68d460859518d18c99d75c56cff0c92a0e39db3738988d6d2

-=[ INTEL AMT. STEALTH BREAKTHROUGH ]=-

year 2017
by Dmitriy Evdokimov, Alexander Ermolov, Maksim Malyutin
at BlackHat
type paper
hash 9a2653385c53d6ff9d5c85e846505e2fef6e45c4ace729cb0c938b9943848d58

-=[ Exploring Your System Deeper [with CHIPSEC] is Not Naughty ]=-

year 2017
by Oleksandr Bazhaniuk, Andrew Furtak, Mikhail Gorobets, Yuriy Bulygin
at CanSecWest
type slides
hash 7c2602c3642f46432efd4eda5d29fcd8936b3154929a7c4b1cd7010985721106

-=[ Fault Injection Attacks on Secure Boot ]=-

year 2017
by Niek Timmers, Albert Spruyt
at HITB
type slides
hash 0139f3fe750a04716effc63b2e1c115a263422f479bf38a63603a06921e48689

-=[ How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine ]=-

year 2017
by Mark Ermolov, Maxim Goryachy
at BlackHat Europe
type slides
hash 69dc6f71501a8027e3576bf498a17121918f89fb480e6caa704474c39787867e

-=[ INTEL ME: Flash File System Explained ]=-

year 2017
by Dmitry Sklyarov
at BlackHat Europe
type paper
hash 4a08ffccec62e7ed49f43244fe57f53adacd784dc00aab0d6fc4422917875917

-=[ BARing the System - New vulnerabilities in Coreboot & UEFI based systems ]=-

year 2017
by Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, John Loucaides, Mikhail Gorobets
at RECon Brussels
type slides
hash cbb79d59ea77d49e10e8a33b99cbc6ca79951f78977aa2412496b85dbda19640

-=[ Hardening with Hardware - How Windows is using hardware to improve security ]=-

year 2018
by David Weston
at BlueHat IL
type slides
hash 4f9b37cf0316f94470988a6c14e6bcc18a701d786c831f8c2e2fe4bcb0bdaaad

-=[ UEFI Exploitation for the masses ]=-

year 2018
by Jesse Michael & Mickey Shkatov
at Def Con 26
type slides
hash 1d31fc4987dc0d30e81ad3289d6e14e0e67ac4a6b361d9df59315befd131770c

-=[ Hardware Hacking Basics ]=-

year 2018
by Joe Grand
at Def Con 26
type slides
hash 67c4d49a819641c9be188321136c4802fcefb77de1eb8c8ec4b95aacedcb17e7

-=[ Breaking Through Another Side - Bypassing Firmware Security Boundaries from Embedded Controller ]=-

year 2019
by Alex Matrosov & Alexandre Gazet
at BlackHat
type slides
hash 098776f29b7c95006dec6685425959b898cd736ab053e3f4f27846e07b1bfd22

-=[ Inside the Apple T2 ]=-

year 2019
by Mikhail Davidov, Jeremy Erickson
at BlackHat
type slides
hash d711c7c13beddd381d2817f78dd937c1ac9277fefbd766ce5ec3f936164af7a3

-=[ Behind the Scenes of Intel Security and Manageability Engine ]=-

year 2019
by Shai Hasarfaty, Yanai Moyal
at BlackHat
type slides
hash 3f0f42b1a9183c4447093316be4b26a125c3c9ff0a6f4c64885e39de67f6e765

-=[ Bypassing a Hardware-Based Trusted Boot Through x86 CPU Microcode Downgrade ]=-

year 2019
by Alexander Ermolov
at HITB
type slides
hash 857dada4eb3d737d0c6093ba4adff07bb2f5bbe67c782b9bda2df9472659ad69

-=[ Betrayal of Reputation: Trusting the Untrustable Hardware and Software with Reputation ]=-

year 2019
by Seunghun Han
at n/a
type slides
hash b62c3dce8f330e1805436bfeb3a38850260cb0a4052470ca30663bc6304fd2cb

-=[ IOMMU and DMA attacks ]=-

year 2019
by Jean-Christophe Delaunay
at C&ESAR 2019
type slides
hash 7e9ca566ecc9f1b87dc5068f62659132ea7d70086958ffbeb048b9ed43f3565f