Hardwear.io NL 2021: Automated Vulnerability Hunting In SMM Using Brick by Assaf & Itai

Описание к видео Hardwear.io NL 2021: Automated Vulnerability Hunting In SMM Using Brick by Assaf & Itai

Abstract:
-------------------
Ever since its introduction, SMM was considered by many to be one of the most powerful execution modes of Intel CPUs.

Unfortunately, practice has shown that more often than not, SMM code provided by most OEMs is poorly written and suffers from a myriad of security issues that can be exploited by attackers to elevate their privileges.

So far, hunting for SMM vulnerabilities was a tedious and mostly manual process, suitable only for domain experts. This talk aims to change all of that by presenting Brick, an easy-to-use, automated vulnerability scanner that searches for common vulnerabilities and anti-patterns in SMM code. Along the way, we'll also review some actual CVEs that were discovered by this tool.


#systemmanagementmodule #BRICK #VulnerabilityautomationScanner #hardwaresecurity
------------------------------------------------------------------------------------------------------------
Website: https://hardwear.io
Twitter:   / hardwear_io  
Facebook:   / hardwear.io  

Комментарии

Информация по комментариям в разработке

Похожие видео