applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Introductory BIOS and SMM Security

Register for March 10-11 Course

John Butterworth


Since there is no longer any denying that BIOS rootkits exist, this class will focus on the topic of what makes BIOS vulnerable to attack in the first place.

This course will show you how to analyze and understand the various ways a BIOS can be vulnerable, what opportunities for entry these vulnerabilities provide an attacker, and how the vulnerabilities can be mitigated.

This course uses a legacy BIOS for its examples but you'll learn that the vulnerabilities I describe are applicable regardless of whether the CPU architecture is x86 or x64 or whether the BIOS is Legacy or UEFI.

A portion of the first day will be spent exploring the core concepts required to understand the operating environment of the BIOS and its interaction with the system’ labs will serve to de-abstract what is otherwise an abstract topic that provides the operator little insight. The remainder will be spent covering BIOS security vulnerabilities.


Learning Objectives

Target Audience

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Student Requirements