💥#LogoFAIL PoC: Binarly researchers show the dangers of firmware parsing bugs by developing a PoC on a real device with modern firmware security features enabled (i.e. Intel Boot Guard and Secure Boot). Demo shows how one crash found by our fuzzer leads to arbitrary code execution during the DXE phase. 🔬More details: https://lnkd.in/d-jU8rCB
BINARLY’s Post
More Relevant Posts
-
#LogoFAIL REsearch is important from many perspectives. It shows new techniques for turning an integer overflow into a heap overflow, which can lead to arbitrary code execution. LogoFAIL PoC is the first public demonstration of high-impact UEFI heap exploitation primitives.
💥#LogoFAIL PoC: Binarly researchers show the dangers of firmware parsing bugs by developing a PoC on a real device with modern firmware security features enabled (i.e. Intel Boot Guard and Secure Boot). Demo shows how one crash found by our fuzzer leads to arbitrary code execution during the DXE phase. 🔬More details: https://lnkd.in/d-jU8rCB
To view or add a comment, sign in
-
-
🚨New blog: The Dark Side of UEFI: A technical Deep-Dive into Cross-Silicon Exploitation. 💥We explain the research results, which show that UEFI attacks and bug classes can be the same on ARM and x86 devices. 🔬Details: https://lnkd.in/g58swCkX 📺Demo: https://lnkd.in/gwqG3vxD
Memory content leak in Qualcomm ARM UEFI
https://www.youtube.com/
To view or add a comment, sign in
-
Unveiling the Shadowy Realm of Rootkits: Silent manipulators, lurking in the depths of your system without detection. Explore the realms of Kernel Mode, User Mode, Hardware/Firmware, Bootkits, and Memory Rootkits. #Rootkits #SystemSecurity #SilentIntruders #VigilinkIT #TechInnovation #ITServices
To view or add a comment, sign in
-
-
This "new" VMProtect leak is absolutely identical to the previous one except for two new files intel_cc and processors_cc in the \core\ directory. But both are very large, the first has 30k lines of code and the latter 3k.
To view or add a comment, sign in
-
Researchers Uncover Patched UEFI Vulnerability Affecting Multiple Intel Core Processors #UEFIVulnerability #IntelCPUFlaw #PhoenixSecureCore #CVE20240762 #BufferOverflow #PrivilegeEscalation #CodeExecution #FirmwareSecurity #BootkitPersistence #SupplyChainRisk #LenvovoPatches #IntelProcessorFamilies #AderLake #CoffeeLake #CometLake #IceLake #JasperLake #KabyLake #MeteorLake #RaptorLake #RocketLake #TigerLake #TPMConfiguration #UEFISecurityBreach #FirmwareImplants #LowLevelExploitation #CybersecurityResearch #PatchNow #UpdateFirmware #SecureBootProtection #DeviceVulnerability #IntelProcessorSecurity
To view or add a comment, sign in
-
Making Sense of x86 Microarchitecture 🖥️ Matt Godbolt outlines useful resources for gaining a deeper understanding of x86 microarchitecture, such as Agner Fog's optimization manuals, and explains how his own investigation into Intel processors' branch prediction unit led to attribution in the Spectre and Meltdown attacks. Extended Clip: https://lnkd.in/e7jKmjQY Full Episode: https://lnkd.in/edpKE6pD #x86 #microarchitecture #spectre #meltdown
To view or add a comment, sign in
-
Spent a good part of the day looking at #ZenBleed the latest processor bug, this one impacting AMD Zen2 chips. It's CVE-2023-20593 if you are keeping score at home. On affected systems, secrets can leak with any string compare operation. (This is oversimplified, but basically it's not good.) From what I can tell by reading release notes (XSA-433), this is a bug that had a scheduled coordinated disclosure date on August 8, 2023, but Google noticed that "AMD unexpectedly publish patches, earlier than an agreed embargo date." That largely explains the state of the world today - there's a whole lot of scrambling going on sorting out how to reproduce, how to mitigate temporarily, and where to get the bits for a permanent fix. Kudos to Tavis Ormandy at Google for a clever fuzzing scheme that found this hardware bug and the clear writeup that walked me through to reproduction.
To view or add a comment, sign in
-
New Vulnerability Information from NVD: CVE-2023-25527 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Published on: September 19, 2023 at 06:15PM Link to post: https://ift.tt/rtHplS3
To view or add a comment, sign in
-
How to Trust Your Hardware Rick Altherr describes techniques for detecting whether hardware has been tampered with, specifically focusing on Google's Titan chip, which serves as a hardware Root of Trust (RoT) by interposing the Serial Peripheral Interface (SPI) bus between privileged components and boot firmware flash. Extended Clip: https://lnkd.in/ekHrBppa Full Episode: https://lnkd.in/etnXWARC #rootoftrust #firstinstructionintegrity #secureboot
To view or add a comment, sign in
-
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk http://ow.ly/aPcS104PeU5
To view or add a comment, sign in
-
Computer Engineer | Software Developer
5moHi, pls what fuzzer did you used to find this crash?