CHIPSEC รีทวีตแล้ว
Want to make your own persistent rootkit?
Just sign your native windows binary with one of Hacking Team's revoked code signing certificates and you are all set!
eclypsium.com/2021/09/20/eve…
Certificate: bit.ly/3CBTfLE
English
CHIPSEC
513 posts
CHIPSEC
@CHIPSEC
Open Source Platform Security Assessment Framework
เข้าร่วม Nisan 2014
18 กำลังติดตาม2.4K ผู้ติดตาม
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC. Check it out here: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
Yep, @CHIPSEC has TPM interface too: chipsec_util.py tpm help
No ROCA test yet?
#TPM15minsOfFame
English
CHIPSEC รีทวีตแล้ว
Added new module to dump and parse the Windows SMM Mitigations Table.
Chipsec Release@ChipsecR
New release from @CHIPSEC ! Check it out: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC ! Check it out: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
@CHIPSEC now exposes the common.smm_code_chk module that verifies MSR_SMM_FEATURE_CONTROL is configured properly to mitigate SMM callout vulnerabilities.
John Loucaides@JohnLoucaides
I find it super interesting that practical testing showed SMM_CODE_CHK_EN to be readable outside SMM, contrary to @intel docs! Way more useful if someone can check whether it's on, if you ask me. :-)
English
CHIPSEC รีทวีตแล้ว
Now, cross your fingers and pass this address as an additional argument to the CHIPSEC command. If all goes well, CHIPSEC should now be able to scan the boot script for any potential call-out vulnerabilities.
Disclaimer: I only tried this on my own computer. Use at your own risk!
English
Great point. Can also think of improving s3bootscript module to dump NVRAM directly (rather than read from runtime) and look up the AcpiGlobalVariable in NVRAM
Assaf Carlsbad@assaf_carlsbad
If you ever encountered a machine where @CHIPSEC fails to obtain and parse the S3 boot script, chances are the 'AcpiGlobalVariable' (which should contain the pointer to the boot script) simply doesn't have the 'Runtime' attribute, and therefore it can't be enumerated from the OS.
English
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC. Check it out here:
github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC. Check it out here: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC. Check it out here: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
CHIPSEC รีทวีตแล้ว
I give you the cyberpunk #badgelife Christmas tree of my dreams 🎄☠️ Happy Holidays, everyone!!!
English
CHIPSEC รีทวีตแล้ว
TrickBot Now Offers ‘TrickBoot' @VK_Intel @IntelAdvanced and @Eclypsium have discovered a new module in the TrickBot toolset aimed at detecting UEFI / BIOS firmware vulnerabilities, enabling #malware to persist, brick, and profit. #TrickBoot
bit.ly/33DO1Qd
English
CHIPSEC รีทวีตแล้ว
New release from @CHIPSEC. Check it out here: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
@CHIPSEC 1.5.6 has been released! Check it out: github.com/chipsec/chipse…
English
CHIPSEC รีทวีตแล้ว
Use @CHIPSEC to play with UEFI variables. Lots of cool stuff there.
OS sees a lot fewer variables that there is stored in NVRAM
English
CHIPSEC รีทวีตแล้ว
Easy to unpack any SPI dump with @CHIPSEC :
chipsec_util decode spi.bin
Assaf Carlsbad@assaf_carlsbad
The first part of @liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative and discuss techniques to reverse, debug and fuzz UEFI drivers labs.sentinelone.com/moving-from-co…
English
CHIPSEC รีทวีตแล้ว
The first part of @liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative and discuss techniques to reverse, debug and fuzz UEFI drivers
labs.sentinelone.com/moving-from-co…
English
CHIPSEC รีทวีตแล้ว
Eclypsium researchers discovered #BootHoleVulnerability in the GRUB2 bootloader that can be used to gain arbitrary code execution on majority of Linux and Windows based systems, even when they are not using GRUB and Secure Boot is enabled. bit.ly/3g9AYuk
English