PC BIOS/UEFI firmware is usually “out of sight, out of mind”. But this just means it’s a place where sophisticated attackers can live unseen and unfettered. This class shares information about PC firmware security that was hard-won over years of focused research into firmware vulnerabilities.
We will cover why the BIOS is critical to the security of the platform. This course will also show you what capabilities and opportunities are provided to an attacker when BIOSes are not properly secured. We will also provide you tools for performing vulnerability analysis on firmware, as well as firmware forensics. This class will take people with existing reverse engineering skills and teach them to analyze UEFI firmware. This can be used either for vulnerability hunting, or to analyze suspected implants found in a BIOS, without having to rely on anyone else.
Understand the similarities and differences between the UEFI and legacy BIOS
Understand the BIOS/UEFI boot environments and how they interact with the platform architecture
How the BIOS/UEFI should configure the system to maximize platform security, and how attackers have bypassed these security mechanisms
How System Management Mode (SMM) is instantiated and must be protected
How SMM may be used to provide added layers of platform security
How the BIOS flash chip should be locked down, and what kind of attacks can be done when it is not
Learn how to Reverse Engineer UEFI modules
To teach you “how to fish” so you can take your newly-acquired knowledge to perform further security research in this area
Security researchers who wish to explore BIOS/SMM
Firmware engineers wishing to better understand how to protect their firmware
Operational defenders wishing to understand their exposure to BIOS level attacks
Forensic analysts who may need to look for artifacts of possible BIOS attacks
Must have x86 assembly and architecture knowledge equal to or greater than what is provided here: