RESEARCH

CHIPSEC Platform Security Assessment Framework  [ Github ]

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell.

For more details regarding CHIPSEC capabilities, please refer to Exploring your system deeper is not naughty presentation from CanSecWest 2017.

Examples:
Using CHIPSEC to find vulnerabilities in SMM firmware

Tianocore security advisories  [ Tianocore security advisories ]

Modern system firmware is often based on the open source implementation of UEFI known as Tianocore.

I've contributed quite a few security advisories in Tianocore.

BERSerk Vulnerability  [ part 1 part 2 ]

Details of BERSerk vulnerability are provided here.


PUBLICATIONS

Exploring your system deeper is not naughty  [ slides ]

Oleksandr Bazhaniuk, Mikhail Gorobets, Andrew Furtak, Yuriy Bulygin
CanSecWest 2017

You wanted to explore deep corners of your system but didn't know how? System boot firmware, ROMs on expansion cards, I/O devices and their firmware, microprocessors, embedded controllers, memory devices, low-level hardware interfaces, virtualization and hypervisors. You could discover if any of these have known vulnerabilities, configured insecurely or even discover new vulnerabilities and develop proof-of-concept exploits to test these vulnerabilities. Ultimately, you can verify security state of platform components of your system and how effective are the platform security defenses: hardware or virtualization based TEE, secure or trusted boot, firmware anti-tampering mechanisms, hypervisor based isolation... Or maybe you just want to explore hardware and firmware components your system has.

CHIPSEC framework can help you with all of that. Since releasing it three years ago at CanSecWest 2014 significant improvements have been made in the framework - from making it easy to install and use to adding lots of new security capabilities. We'll go over certain representative examples of what you can do with it such as finding vulnerabilities in SMM firmware, analyzing UEFI firmware vulnerabilities, testing hardware security mechanisms of the hypervisors, finding backdoors in UEFI images and more.

BARing the system: New vulnerabilities in SMM of Coreboot and UEFI based systems  [ slides ]

Yuriy Bulygin, Oleksandr Bazhaniuk
RECon Brussels 2017

Previously, we discovered a number of vulnerabilities in UEFI based firmware including software vulnerabilities in SMI handlers that could lead to SMM code execution, attacks on hypervisors like Xen, Hyper-V and bypassing modern security protections in Windows 10 such as Virtual Secure Mode with Credential and Device Guard. These issues led to changes in the way OS communicates with SMM on UEFI based systems and new Windows SMM Security Mitigations ACPI Table (WSMT).

This research describes an entirely new class of vulnerabilities affecting SMI handlers on systems with Coreboot and UEFI based firmware. These issues are caused by incorrect trust assumptions between the firmware and underlying hardware which makes them applicable to any type of system firmware. We will describe impact and various mitigation techniques. We will also release a module for open source CHIPSEC framework to automatically detect this type of issues on a running system.

ASN.1 Parsing Issues in Crypto Libraries: What Could Go Wrong?  [ slides ]

Andrew Furtak, Yuriy Bulygin, Oleksandr Bazhaniuk
Latincrypt 2015

This presentation will focus on a number of problem authors found in a number of crypto libraries related to ASN.1 parsing functionality. Some of these issues, such as 'BERserk' RSA signature forgery vulnerability in Mozilla NSS library (VU#772676), have already been studied publicly while others, such as ASN.1 parser issues in Oracle Java (CVE-2015-0410) and other crypto/SSL libraries, are largely unknown. Besides detailing specific issues we will discuss general set of potential issues with ASN.1 parsers used by crypto implementations, ways to avoid making such issues as well as test crypto libraries for issues in ASN.1 parsers.

Breaking Bad BIOS - The Art of BIOS Attacks

Oleksandr Bazhaniuk, Yuriy Bulygin
McAfee FOCUS 2015

Recent attacks against system firmware, including Basic Input/Output System (BIOS) and UEFI have attracted attention due to their ability to enable stealthy and highly persistent malware. Such malware may be able to can bypass secure OS boot, enabling attacks on encrypted disks and allowing installation of additional malware.

Reaching Far Corners of Matrix: Generic VMM Fingerprinting  [ slides ]

Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew Furtak, Mikhail Gorobets, John Loucaides, Mickey Shkatov
SOURCE Seattle 2015

Last years there were not many studies on fingerprinting the virtualized environment. This talk is to fill the gap and provide generalized approach for VMM fingerprinting and detection. The approach exploits ISA corner cases handling by VMMs. The results for the most popular modern VMMs will be presented. They show that all the popular modern VMMs can be reliably identified just with several instructions from user mode.

Attacking Hypervisors Through Firmware and Hardware  [ slides slides ]

Mikhail Gorobets, Oleksandr Bazhaniuk, Alex Matrosov, Andrew Furtak, Yuriy Bulygin
Black Hat USA 2015
DEF CON 23

In this presentation, we explore the attack surface of modern hypervisors from the perspective of vulnerabilities in system firmware, such as BIOS and in hardware emulation. We will demonstrate a number of new attacks on hypervisors based on system firmware vulnerabilities with impacts ranging from VMM DoS to hypervisor privilege escalation to SMM privilege escalation from within the virtual machines.

We will also show how a firmware rootkit based on these vulnerabilities could expose secrets within virtual machines and explain how firmware issues can be used for analysis of hypervisor-protected content such as VMCS structures, EPT tables, host physical addresses (HPA) map, IOMMU page tables etc. To enable further hypervisor security testing, we will also be releasing new modules in the open source CHIPSEC framework to test issues in hypervisors when virtualizing hardware.

Demo videos:
UEFI firmware rootkit steals secrets from virtual machines
Xen exploit from Dom0 via vulnerable firmware implementation
Hyper-V exploit from root partition through SMM firmware

Technical Details of the S3 Resume Boot Script Vulnerability  [ paper ]

Yuriy Bulygin, Oleksandr Bazhaniuk, Andrew Furtak, John Loucaides, Mikhail Gorobets

The examination of commercial malware developed by Hacking Team has revealed much to the security community. Of particular interest to platform security researchers at Intel's Advanced Threat Research team (ATR) is the presence of what appears to be a UEFI-based persistent infection mechanism. ATR has been researching vulnerabilities related to system firmware and working with a community of firmware developers and platform manufacturers to mitigate these threats. Others have also posted good information about this issue. Here, we will provide some preliminary analysis of the firmware threat.

Attacking and Defending BIOS in 2015  [ slides ]

Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew Furtak, Mikhail Gorobets, John Loucaides, Alex Matrosov, Mickey Shkatov
RECon 2015

In this presentation we will demonstrate multiple types of recently discovered BIOS vulnerabilities. We will detail how hardware configuration is restored upon resume from sleep and how BIOS can be attacked when waking up from sleep using "S3 resume boot script" vulnerabilities. Similarly, we will discuss the impact of insufficient protection of persistent configuration data in non-volatile storage and more. We'll also describe how to extract contents of SMRAM using above vulnerabilities and advanced methods such as Graphics aperture DMA to further perform analysis of the SMM code that would otherwise be protected. Additionally, we will detail "SMI input pointer" and other new types of vulnerabilities specific to SMI handlers. Finally, we will describe how each class of issues is mitigated as a whole and introduce new modules to CHIPSEC framework to test systems for these types of issues

Demo videos:
Exploit for the S3 boot script vulnerability in UEFI firmware (VU# 976132)

A New Class of Vulnerabilities in SMI Handlers  [ slides ]

Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew Furtak, Mikhail Gorobets, John Loucaides, Alexander Matrosov, Mickey Shkatov
CanSecWest 2015

This presentation will discuss security of SMI handler components of system firmware including the nature of a new class of vulnerabilities within the SMI handlers of BIOS/UEFI based firmware on various systems. It will also discuss how systems can be tested for these vulnerabilities and what can be done in firmware implementations to mitigate them.

Additionally, the presentation will also discuss how S3 resume affects security of the system and problems with S3 resume boot script in some BIOS implementations recently discovered and presented at 31C3.

Demo videos:
SMM unchecked pointer exploit demo

You Can't Recover a Brick: Hardware Security in the Enterprise

Yuriy Bulygin, Steve Grobman
McAfee FOCUS 2014

Vulnerabilities in BIOS, firmware, or hardware can lead to complete system compromise, including permanent damage. This talk will describe vulnerable areas in low level components on devices that are deployed in an enterprise. We'll show you how to reduce risk through a demonstration of how Intel Security tools validate systems during a typical denial of service attack scenario.

Summary of Attacks Against BIOS and Secure Boot  [ slides ]

Yuriy Bulygin, John Loucaides, Andrew Furtak, Oleksandr Bazhaniuk, Alexander Matrosov
DEF CON 22

A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as secure boot, OS loaders, and SMM. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component.

This talk will detail and organize some of the attacks and how they work. We will demonstrate a full software bypass of secure boot. In addition, we will describe underlying vulnerabilities and how to assess systems for these issues using an open source framework for platform security assessment. We will cover BIOS write protection, forensics on platform firmware, attacks against SMM, attacks against secure boot, and various other issues. After watching, you should understand how these attacks work, how they are mitigated, and how to test a system for the vulnerability.

Platform Security Assessment With CHIPSEC  [ slides ]

John Loucaides, Yuriy Bulygin
CanSecWest 2014

All Your Boot Are Belong To Us

[ slides (Intel)  slides (MITRE) ]

Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides from Intel
Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell from MITRE
CanSecWest 2014



Demo videos:
Windows 8 Secure Boot bypass via "Setup" variable in vulnerable UEFI firmware
Windows 8 Secure Boot bypass via unchecked TE executable in vulnerable UEFI firmware

A Tale of One Software Bypass of Windows 8 Secure Boot  [ slides ]

Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk
Black Hat USA 2013

Windows 8 Secure Boot based on UEFI 2.3.1 Secure Boot is an important step towards securing platforms from malware compromising boot sequence before the OS. However, there are certain mistakes platform vendors shouldn't make which can completely undermine protections offered by Secure Boot. We will demonstrate an example of full software bypass of Windows 8 Secure Boot due to such mistakes on some of the latest platforms and explain how those mistakes can be avoided.

Demo videos:
UEFI bootkit bypasses Windows 8 Secure Boot on vulnerable firmware implementations
User-mode Secure Boot bypass

Evil Maid Just Got Angrier: Why Full-Disk Encryption With TPM is Insecure on Many Systems  [ slides  demo ]

Yuriy Bulygin
CanSecWest 2013

Security features like Full-Disk Encryption solutions rely on protections of the underlying firmware and hardware. Often system firmware (BIOS) doesn't use or incorrectly configures protections offered by hardware. This work demonstrates that software Full-Disk Encryption solutions are still subject to Evil Maid attacks when firmware fails to correctly utilize hardware protections, even when they rely on Trusted Platform Module to protect contents on the system drive from attacks that tamper with system firmware.

Enhanced Detection of Malware  [ paper  ]

Carlos Rozas, Hormuzd Khosravi, Divya Kolar Sunder, Yuriy Bulygin
Intel Technology Journal, Volume 13 Issue 02, 2009 (Advances in Internet Security)

Researchers and industry have found novel uses for cloud computing to detect malware. We present a cloud-computing-based architecture that improves the resiliency of the existing solutions, and we describe our prototype that is based on existing Intel platforms.

Insane Detection of Insane Rootkits: Chipset Based Detection and Removal of Virtualization Malware  [ slides demo ]

Yuriy Bulygin, David Samyde
Black Hat USA 2008

This work introduces an approach to detect hardware-assisted virtualization malware different from currently developed techniques. It uses hardware capabilities of an embedded microcontroller inside chipset's north-bridge to detect virtualization malware, and to go beyond detection and remove it from the system. We will discuss advantages and other potential applications of the approach, possible attacks evading detection and solutions.

It also includes a demo of DeepWatch, a proof of concept detector of VT-x based virtualization rootkits implemented in north-bridge firmware.

CPU side-channels vs. virtualization rootkits: the good, the bad, or the ugly  [ slides ]

Yuriy Bulygin
ToorCon Seattle 2008

Side-channels that use CPU resources are bad. Everyone knows that. Rootkits that use CPU virtualization aren't any better. Security researchers mentioned theoretical possibility of using new developments in CPU side-channel cryptanalysis to detect virtualization rootkits. The purpose of this talk is to demonstrate actual implementation of detector that uses recently discovered RSB based micro-architectural side-channel to detect CPU virtualization rootkits. We will also describe essentials of the RSB-based side-channel analysis used by our detector.

Additional materials:
Detecting virtualization using CPU Return Stack Buffer
Hyper-channel PoC source code

Remote and Local Exploitation of Network Drivers  [ paper slides demo (55MB) ]

Yuriy Bulygin
Black Hat USA 2007

During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop without having any "visible" connection with those laptops and execute a malicious code in kernel.

This work describes the process behind hunting remote and local vulnerabilities in wireless LAN drivers as well as in other types of network drivers. The first part of the work describes simple and much more advanced examples of remote execution vulnerabilities in wireless device drivers that should be considered during vulnerabilities search. We demonstrate an example design of kernel-mode payload and construct a simple wireless frames fuzzer. The second part of the work explains local privilege escalation vulnerabilities in I/O Control device driver interface on Microsoft® Windows®, introduces a technique to uncover them. The third part of the work describes specific examples of local vulnerabilities in network drivers that can be exploited remotely and an exploitation technique. In the last part of the work we present case studies of remote and local vulnerabilities mitigated in Intel® Centrino® wireless LAN device drivers.

Epidemics of Mobile Worms  [ paper  ]

IEEE IPCCC Malware 2007

A Spread Model of Flash Worms  [ paper  ]

IEEE IPCCC Malware 2006
© 2008-2017 c7zero