papers.put.as

A collection of papers and presentation slides related to Mac OS X, iOS, and Firmware.

Firmware

2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018

2012

New Results for Timing-Based Attestation

by Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth
at 2012 IEEE Symposium on Security and Privacy
type paper
hash b4d43b10d24309eb7d3f933074a6130fdc49802254d6ff7787d72e2c1a163dc8

No More Hooks: Trustworthy Detection of Code Integrity Attacks

by Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth
at Def Con
type slides
hash 229c5fc6ef522a0b6e4f891df9bdd3c0f01fec396319a288c07e4b90929ee551

2013

BIOS Chronomancy: Fixing the Core Root of Trust for Measurement

by John Butterworth, Xeno Kovah, Corey Kallenberg
at BlackHat
type slides
hash f571851e5a2d60c8181b7c1d1ad2def9ced5baf7472b5faef1f1c0fc6666ad06

BIOS Chronomancy: Fixing the Core Root of Trust for Measurement

by John Butterworth, Xeno Kovah, Corey Kallenberg
at BlackHat
type paper
hash 1a68614164f5a33359981c5efd0795ccade1b0e7fe50fcd535b7b8f086a42d1c

2014

All Your Boot Are Belong To Us

by Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides
at CanSecWest
type slides
hash eefa6cf1a9efab64faa50e1d6e828060ba000956ba3462c68df15575c7a9dcab

All Your Boot Are Belong To Us

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at CanSecWest
type slides
hash 11904c6bc0119b2ef52a1ec042eaf0b7d4175892f05825b9d1f6b7b722ce319d

Attacks on UEFI Security

by Rafal Wojtczuk, Corey Kallenberg
at CCC
type slides
hash cb5c7717c5911cf65025873f06ba0fd6e0ac9040bd67d317ef5ae79fc53166c0

Attacking UEFI Boot Script

by Rafal Wojtczuk, Corey Kallenberg
at CCC
type paper
hash 9bb5d00e7b2b9f5299e4de7f1411582e57af86730cfa3634d16437cfab7d332a

Copernicus 2: SENTER the Dragon!

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at CanSecWest
type slides
hash 32039a1e96b3f633a8f3d19ee7f3805a2220e7e7065677433bcfe7d8cce37256

SENTER Sandman: Using Intel TXT to Attack BIOSes

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at HITB
type slides
hash c16b5fdd17cb029f3086aa3003d66c6b90c873964e140ef9ec694b80e425ee29

SENTER Sandman: Using Intel TXT to Attack BIOSes

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at HITB
type paper
hash ac136c000ba552443cf5ce85680171c2584bad27497cebee0df18d1ee4dd1b5e

Defeating Signed BIOS Enforcement

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at n/a
type paper
hash 5cc227aa723f80a76ea6b01b570ad447a3152f72975e8e345c2d4a3bb754ec72

Analyzing UEFI BIOS from Attacker & Defender Viewpoints

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat EU
type slides
hash 814db05500758f80291d2558640e2f285446646a0f2769b73c52d92735792c55

Into the Unknown: How to Detect BIOS-level attackers

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at VB
type slides
hash ccae135892bf59d199e92d9ff47c95740486d303dd2039ce340067936cc0ffe6

Into the Unknown: Assessing your BIOS vulnerabilities

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at MIRcon
type slides
hash 4f08ac02d9b483b8e19ee99c0bc848a079a92614426600d211a832e7e0694a69

Extreme Privilege Escalation on Windows 8/UEFI Systems

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat
type slides
hash 187dad978e58da4671eda9d02d93a7ad9aa91c43211da452c0441852ccfee28b

Extreme Privilege Escalation on Windows 8/UEFI Systems

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at BlackHat
type paper
hash 380de0008a76edb9c1889604c76a67c63b3217f7142b95c3cdbfccf25dd9a702

Setup For Failure: Defeating Secure Boot

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at SyScan Singapore
type slides
hash ac43c17c386a31065a6466522c5360909bc06f4adbd0d8f57855d894bb62cffb

Setup For Failure: Defeating Secure Boot

by Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell
at SyScan Singapore
type paper
hash f5acaedd54e18f091e0a20f78a6c5e666367f74d7b1f7f21c24c1c6875c7da56

The SMM Rootkit Revisited: Fun with USB

by Joshua Schiffman, David Kaplan
at n/a
type paper
hash 6e30c5fb0ad40f820eb9c20ed3e2daea287a82436f3d15fe2fcfa291c58c8673

2015

BIOS Necromancy: Utilizing “Dead Code” for BIOS Attacks

by Corey Kallenberg & Xeno Kovah
at HITB GSEC
type slides
hash 420943b6e8247eaba14815b394a0bc1b4c1298ce8f86b88d91f46403796faa59

Betting BIOS Bugs Won’t Bite Y’er Butt?

by Corey Kallenberg & Xeno Kovah
at ShmooCon
type slides
hash a746a0edf6a085e9331f969fe6f8ffde29956e2023a86e37f6eb0b0573bc1031

How Many Million BIOSes Would you Like to infect?

by Corey Kallenberg & Xeno Kovah
at CanSecWest
type slides
hash e2124f7e04e371e88d3556023f85df089a1fa3c0137815a1fc5b387d322fede3

How Many Million BIOSes Would you Like to infect?

by Corey Kallenberg & Xeno Kovah
at CanSecWest
type paper
hash 2fb8cc51d6f3b00bc81b359ee9b2b9b193fefa205c3cbd6685a3827ee5adf029

Are you giving firmware attackers a free pass?

by Corey Kallenberg & Xeno Kovah
at RSA
type slides
hash c0606390b284a80d6e980c4a51f81cc8c6b52043db3d392b1d54eaeb6f8f9476

Fix it yourself - detecting and fixing UEFI firmware vulnerabilities without access to its source code

by Nikolaj Schlej
at ZeroNights
type slides
hash a9be6640a6708eae943e96ed492c9ecd68525955fb16e881953fea3119cdd0d8

Attacking Hypervisors via Firmware and Hardware

by Alex Matrosov, Mikhail Gorobets, Oleksandr Bazhaniuk, Andrew Furtak, Yuriy Bulygin
at ZeroNights
type slides
hash 6ebcda27e0d1e894f0c08b88cc0e884797c826dc993589a0b83cdf191cef3f0a

Beyond Anti Evil Maid - Protecting hardware from early boot attacks

by Matthew Garrett
at 32c3
type slides
hash 9cb86cf6334ea2aa88d1bc785df1d80075cd2898fb533f3d6d3ad74bbb47535e

State considered harmful - A proposal for a stateless laptop

by Joanna Rutkowska
at n/a
type paper
hash bf7462dcf5f30811168e90d82adde9f88137c84818df0e9601f88b025a8a3b49

2016

Bypassing Secure Boot using Fault Injection

by Niek Timmers, Albert Spruyt
at BlackHat Europe
type slides
hash a6050b29daa6a4ec665da07cc787494905587c389bb92ae609646d4299235d9a

Firmware Biopsy

by tweek
at Ruxcon
type slides
hash 7534e759ba30086bff8cb51a8cc274f999dc4009e9403de94a280428ffc40c95

UEFI Firmware Rootkits: Myths and Reality

by Alex Matrosov, Eugene Rodionov
at H2HC
type slides
hash 5d78dbbcd39e3f34fe11098a2cf2eb531a01846c7e3a18ed038405cf87c73400

How to Become the Sole Owner of Your PC

by Maxim Goryachy, Mark Ermolov
at n/a
type slides
hash c650559d037fa36896e5226d12b9437ea1936c21ff7cc0306cda8f6a974daa42

Safeguarding rootkits: Intel BootGuard

by Alexander Ermolov
at ZeroNights
type slides
hash 4d0fb7ef73cc9e886965d0abc84a462fa19e735e96f3b0e83f8de228a12c4d7f

Safeguarding rootkits: Intel BootGuard part 2

by Alexander Ermolov
at Defcon Russia
type slides
hash f5067e4203f34c10ddad7fd828ad624cecd184611367715a93cb4a71641ebb45

Introduction to Reversing DXE drivers

by Bruno Pujos
at n/a
type slides
hash c2cbecb15acbf08cb4ce698ef6db0db5a4834da15b5a3c6be7812704f4650bf2

2017

UEFI Firmware Rootkits: Myths and Reality

by Alex Matrosov, Eugene Rodionov
at BlackHat Asia
type slides
hash 92b0c593f8f6ab832d420dce2ba450a362e041025266c433c6a6a9b3cce01d26

BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING

by Alex Matrosov
at BlackHat
type slides
hash 09233c0bae36d57900089cd79c1466e3fc9a8e3a75051d82b3fbb38bc45b18d4

BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING

by Alex Matrosov
at H2HC
type slides
hash 3dd2b7e8009143908cea1dbc0970a5136483ba5fe5b04f5f2a5b5a666a30d0c3

INTEL AMT. STEALTH BREAKTHROUGH

by Dmitriy Evdokimov, Alexander Ermolov, Maksim Malyutin
at BlackHat
type slides
hash 4afbc47ceff801e68d460859518d18c99d75c56cff0c92a0e39db3738988d6d2

INTEL AMT. STEALTH BREAKTHROUGH

by Dmitriy Evdokimov, Alexander Ermolov, Maksim Malyutin
at BlackHat
type paper
hash 9a2653385c53d6ff9d5c85e846505e2fef6e45c4ace729cb0c938b9943848d58

Exploring Your System Deeper [with CHIPSEC] is Not Naughty

by Oleksandr Bazhaniuk, Andrew Furtak, Mikhail Gorobets, Yuriy Bulygin
at CanSecWest
type slides
hash 7c2602c3642f46432efd4eda5d29fcd8936b3154929a7c4b1cd7010985721106

Fault Injection Attacks on Secure Boot

by Niek Timmers, Albert Spruyt
at HITB
type slides
hash 0139f3fe750a04716effc63b2e1c115a263422f479bf38a63603a06921e48689

How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine

by Mark Ermolov, Maxim Goryachy
at BlackHat Europe
type slides
hash 69dc6f71501a8027e3576bf498a17121918f89fb480e6caa704474c39787867e

INTEL ME: FLASH FILE SYSTEM EXPLAINED

by Dmitry Sklyarov
at BlackHat Europe
type paper
hash 4a08ffccec62e7ed49f43244fe57f53adacd784dc00aab0d6fc4422917875917

BARing the System - New vulnerabilities in Coreboot & UEFI based systems

by Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, John Loucaides, Mikhail Gorobets
at RECon Brussels
type slides
hash cbb79d59ea77d49e10e8a33b99cbc6ca79951f78977aa2412496b85dbda19640

2018

Hardening with Hardware - How Windows is using hardware to improve security

by David Weston
at BlueHat IL
type slides
hash 4f9b37cf0316f94470988a6c14e6bcc18a701d786c831f8c2e2fe4bcb0bdaaad

UEFI Exploitation for the masses

by Jesse Michael & Mickey Shkatov
at Def Con 26
type slides
hash 1d31fc4987dc0d30e81ad3289d6e14e0e67ac4a6b361d9df59315befd131770c

Hardware Hacking Basics

by Joe Grand
at Def Con 26
type slides
hash 67c4d49a819641c9be188321136c4802fcefb77de1eb8c8ec4b95aacedcb17e7
