CanSecWest: Security Masters Dojo Vancouver
Introductory BIOS and SMM Security
Register for March 10-11 Course
Since there is no longer any denying that BIOS rootkits exist, this class will focus on the topic of what makes BIOS vulnerable to attack in the first place.
This course will show you how to analyze and understand the various ways a BIOS can be vulnerable, what opportunities for entry these vulnerabilities provide an attacker, and how the vulnerabilities can be mitigated.
This course uses a legacy BIOS for its examples but you'll learn that the vulnerabilities I describe are applicable regardless of whether the CPU architecture is x86 or x64 or whether the BIOS is Legacy or UEFI.
A portion of the first day will be spent exploring the core concepts required to understand the operating environment of the BIOS and its interaction with the system’ labs will serve to de-abstract what is otherwise an abstract topic that provides the operator little insight. The remainder will be spent covering BIOS security vulnerabilities.
- Introduction to BIOS and system architecture concepts
- Chipset architecture
- Input/output (including PCI) and how the CPU/BIOS uses it to configure the system
- PCI Option ROMs
- System Management Mode (SMM)
- BIOS Flash (Serial Peripheral Interface)
- BIOS interaction with the TPM and the Measured Boot process
- Introduction to UEFI and how to analyze a BIOS when a change has been detected
- Learn which system configurations make BIOS vulnerable to compromise and how to detect them
- Learn what opportunities these vulnerabilities provide an attacker
- Learn how the system should be configured to mitigate the vulnerabilities
- Anyone interested in learning what makes a BIOS vulnerable
- Anyone who wants to learn how to detect whether a BIOS is vulnerable
- Anyone who wants to understand how a BIOS should be configured so as to not be vulnerable
PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
- You will be lent a laptop with a customized (very vulnerable) BIOS which we will explore as the course progresses