Betting BIOS Bugs Won't Bite Y'er Butt?

Presented at ShmooCon XI (2015), Jan. 16, 2015, 6 p.m. (30 minutes).

2013 saw the disclosure of the most BIOS vulnerabilities ever. Mostly due to our research. Mostly due to the fact that where people don't look, problems fester. The problem is, defenders typically don't track BIOS bugs the way they track the latest patch tuesday reports. Which means your enterprise is almost certainly rife with BIOS bugs, and you don't even know it. This talk will be a quick run through the BIOS vulnerabilities & PoC malware that have been disclosed in the last couple years, and what you can concrete steps you can take to start performing BIOS vulnerability checking, and integrity checking, to protect yourself or your company.

Presenters:

  • Xeno Kovah
    Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.
  • Corey Kallenberg
    Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.

Similar Presentations: