Presented by:

Paul English (penglish@preossec.com)

from Vaisala Inc, Seattle Area System Administrator's Guild, League of Professional System Administrators, Seattle Privacy Coalition, Techno-Activism 3rd Mondays, Emerald Onion Project

Paul is CEO of PreOS Security Inc and, from 2015 through 2017, a board member of the League of Professional System Administrators, a nonprofit professional association for the advancement of the practice of system administration. Paul has a bachelor’s degree in computer science from Worcester Polytechnic Institute, obtained in 1998. He has been a UNIX & Linux system administrator and wearer of many other IT hats since 1996. More recently he has managed a few sysadmins while still racking the occasional server. In 2016, Paul ventured into a firmware security startup to help sysadmins keep their systems safe from new threats.

No video of the event yet, sorry!

For attackers, platform firmware is the new software. Most systems include hundreds of firmwares: UEFI or BIOS, PCIe expansion ROMs, USB controller drivers, storage controller host and disk/SSD drivers. Firmware-level hosted malware, bare-metal or virtualized, is nearly invisible to normal security detection tools, has full control of your system, and can often continue running even when the system is "powered off". Security firms (e.g., "Hacking Team") sell UEFI 0days to the highest bidder, and government agencies include firmware-level malware in their toolkits (e.g., the CIA EFI malware in the WikiLeaks Vault7 release). Defenders need to catch up and learn to defend their systems against firmware-level malware. In this presentation, we'll cover the NIST SP (147, 147B, 155, 193) secure firmware guidance, for citizens rather than vendors/enterprises. We'll discuss the problem of firmware-level malware, and cover some open source tools (FlashROM, CHIPSEC, etc.) to help detect malware on your system. We'll be discussing a new open source tool we've just released to help make it easier for you to do this check. You'll also get a nice paper tri-fold copy of our CHIPSEC Quick Reference for Sysadmins [note: we're all sysadmins for our own personal systems(!)], and some scary-looking BadBIOS stickers for your laptop.

Date:
2017 October 6 - 16:30
Duration:
50 min
Room:
Room 3180
Conference:
Seattle GNU/Linux Conference 2017
Language:
Track:
Security/InfoSec
Difficulty:
Medium

Happening at the same time:

  1. Hackers Gotta Eat
     Start Time: 2017 October 6 16:30
     Room: Room 3183

  2. Beyond iotop and iostat: A disk I/O deep dive using blktrace and debugfs
     Start Time: 2017 October 6 16:30
     Room: Room 3184

  3. UEFI: What Is It and How Can We Exploit It For Fun And Profit
     Start Time: 2017 October 6 16:30
     Room: Room 3178

  4. Verbose mode: an exploration of programming languages and craft
     Start Time: 2017 October 6 16:30
     Room: Room 3179