Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives – Penetration Testing

Training: Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives

This repository contains materials for the hands-on training "Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives".

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders and secure booting. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of system firmware such as legacy BIOS, SMI handlers and UEFI-based firmware, as well as mitigations and the tools and methods available to analyze the security of such firmware components. It will also detail protections available in hardware and in firmware, such as Secure Boot, implemented by modern operating systems against bootkits.

The training includes theoretical material describing a structured approach to system firmware security analysis and mitigations, as well as many hands-on exercises to test system firmware for vulnerabilities. After the training, you should have a basic understanding of platform hardware components and various types of system firmware, security objectives and attacks against system firmware, and mitigations available in hardware and firmware. You should be able to apply this knowledge in practice to identify vulnerabilities in BIOS and perform forensic analysis of the firmware.

Materials

Module 0 Introduction to Firmware Security

Module 1 BIOS and UEFI Firmware Fundamentals

Module 2 Bootkits and UEFI Secure Boot

Module 3 Hands-On Platform Hardware and Firmware

Module 4 System Firmware Attack Vectors

Module 5 Hands-On EFI Environment

Module 6 Mitigations

Module 7 System Firmware Forensics

Miscellaneous Materials

Download

The post Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives appeared first on Penetration Testing.
