Betting BIOS Bugs Won't Bite Y'er Butt?

Presented at ShmooCon XI (2015), Unknown date/time (Unknown duration)

2013 saw the disclosure of the most BIOS vulnerabilities ever. Mostly due to our research. Mostly due to the fact that where people don't look, problems fester. The problem is, defenders typically don't track BIOS bugs the way they track the latest patch tuesday reports. Which means your enterprise is almost certainly rife with BIOS bugs, and you don't even know it. This talk will be a quick run through the BIOS vulnerabilities & PoC malware that have been disclosed in the last couple years, and what you can concrete steps you can take to start performing BIOS vulnerability checking, and integrity checking, to protect yourself or your company.

Presenters:

• Corey Kallenberg
  Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.
• Xeno Kovah
  Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.

Similar Presentations:

• VB2017 / Have you scanned your BIOS recently?
• Black Hat USA 2013 / BIOS Security
• DeepSec 2014 „Do you want to know more?“ / A Myth or Reality - BIOS-based Hypervisor Threat