CHIPSEC
@CHIPSEC
Followers
2K
Following
300
Media
3
Statuses
513
Open Source Platform Security Assessment Framework
Joined April 2014
Want to make your own persistent rootkit? Just sign your native windows binary with one of Hacking Team's revoked code signing certificates and you are all set! https://t.co/exqAYnxR4S Certificate: https://t.co/h3rVU7hRt7
4
73
212
Yep, @CHIPSEC has TPM interface too: chipsec_util.py tpm help No ROCA test yet? #TPM15minsOfFame
0
2
5
Added new module to dump and parse the Windows SMM Mitigations Table.
0
20
52
@CHIPSEC now exposes the common.smm_code_chk module that verifies MSR_SMM_FEATURE_CONTROL is configured properly to mitigate SMM callout vulnerabilities.
I find it super interesting that practical testing showed SMM_CODE_CHK_EN to be readable outside SMM, contrary to @intel docs! Way more useful if someone can check whether it's on, if you ask me. :-)
1
1
6
Now, cross your fingers and pass this address as an additional argument to the CHIPSEC command. If all goes well, CHIPSEC should now be able to scan the boot script for any potential call-out vulnerabilities. Disclaimer: I only tried this on my own computer. Use at your own risk!
0
2
5
Great point. Can also think of improving s3bootscript module to dump NVRAM directly (rather than read from runtime) and look up the AcpiGlobalVariable in NVRAM
If you ever encountered a machine where @CHIPSEC fails to obtain and parse the S3 boot script, chances are the 'AcpiGlobalVariable' (which should contain the pointer to the boot script) simply doesn't have the 'Runtime' attribute, and therefore it can't be enumerated from the OS.
0
0
3
. @eclypsium and @CHIPSEC badges 🎉
0
1
8
I give you the cyberpunk #badgelife Christmas tree of my dreams 🎄☠️ Happy Holidays, everyone!!!
17
65
310
TrickBot Now Offers ‘TrickBoot' @VK_Intel @IntelAdvanced and @Eclypsium have discovered a new module in the TrickBot toolset aimed at detecting UEFI / BIOS firmware vulnerabilities, enabling #malware to persist, brick, and profit. #TrickBoot
https://t.co/rIBlotTwzN
1
31
36
Use @CHIPSEC to play with UEFI variables. Lots of cool stuff there. OS sees a lot fewer variables that there is stored in NVRAM
Introducing MIDNIGHTTRAIN - A Covert Stage-3 Persistence Framework weaponizing UEFI variables https://t.co/GSfKyem8Kt
#Pentesting #RedTeam #Hacking #Infosec
0
10
32
Easy to unpack any SPI dump with @CHIPSEC : chipsec_util decode spi.bin
The first part of @liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative and discuss techniques to reverse, debug and fuzz UEFI drivers https://t.co/NlUu4R2lhm
0
2
10
The first part of @liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative and discuss techniques to reverse, debug and fuzz UEFI drivers https://t.co/NlUu4R2lhm
sentinelone.com
The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.
3
33
77
Eclypsium researchers discovered #BootHoleVulnerability in the GRUB2 bootloader that can be used to gain arbitrary code execution on majority of Linux and Windows based systems, even when they are not using GRUB and Secure Boot is enabled. https://t.co/9jc26InmfA
9
138
196