Presented at
Black Hat USA 2017,
July 27, 2017, 3:50 p.m.
(50 minutes).
Every modern computer system based on Intel architecture has Intel Management Engine (ME) - a built-in subsystem with a wide array of powerful capabilities (such as full access to operating memory, out-of-band access to a network interface, running independently of CPU even when it is in a shutdown state, etc.). On the one hand, these capabilities allow Intel to implement many features and technologies based on Intel ME. On the other hand, it makes Intel ME a tempting target for an attacker. Especially, if an attack can be conducted remotely.
Here, Intel Active Management Technology (AMT) fits perfectly – it is based on Intel ME and means for a remote administration of computer system. So… during this talk we will discuss methods of remote pwning of almost every Intel based system, manufactured since 2010 or later.
Presenters:
-
Maksim Malyutin
- Security Researcher, Embedi
Maksim Malyutin is a programmer who has occasionally ended up dealing with information security. Key interests include UEFI, SMM, and other depths of Intel architecture.
-
Alexander Ermolov
- Security Researcher, Embedi
Alexander Ermolov is a researcher, reverse engineer, and information security expert. His passions include low-level design, analysis of system software, BIOS, and other firmware. He loves to research undocumented technologies.
-
Dmitriy Evdokimov
- CTO, Embedi
Dmitry Evdokimov is CTO of Embedi. It is his opinion that attack and defence are just two sides of the same coin. He is actively engaged in research of embedded devices cybersecurity where he tries to focus on problems and their solutions on techniques for prevention the exploitation of wide range of vulnerabilities in embedded devices. Dmitry's scope of interests cover reverse engineering, software verification/program analysis (SMT, DBI, IL), research and development of exploits, software for static and dynamic code analysis.
Links:
Similar Presentations: