For eveyone wondering what's @IntelSoftware planning for the Firmware Support Package 3.0 #fsp and USF is basically going fully closed-source on the firmware side. This means Intel's #fsp decides to drop #OSF open-source firmware. It's really a shame...

Our REsearch team is thrilled about the new IDA v9.0! #efiXplorer is fully compatible with v9.0 and still supports IDA v8.4🚀 🔬 https://t.co/WHYGifmjGS We are thrilled to announce IDAlib — idiomatic Rust bindings for the IDA SDK 🎉 Kudos to @xorpse! ⚙️ https://t.co/PLoNkf8sQn

I chatted with @_zaolin_ from @binarly_io about firmware vulnerabilities, reverse engineering binaries, and the challenges in responsible disclosure. Don't miss this deep dive into firmware security! Listen here: https://t.co/U6eaEjBbVl

The @QubesOS Summit 2024 has officialy started! We’d like to extend our gratitude once more to our Platinum Sponsors, @FreedomofPress Foundation and @mullvadnet for their unwavering support! Don't forget, you can still grab your virtual pass here:

NEW! Repeatable Failures: Test Keys Used to Sign Production Software…Again? 🔥Full details:

More updates will be coming tomorrow at the #LABScon stage. The problems related to the test and non-production keys are much bigger than we initially thought.

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew

🚨NEW: "PKfail Two Months Later: Reflecting on the Impact." by @pagabuc Based on https://t.co/QAEyz82xnv data 📈 🖥️10,095 unique firmware images uploaded 🔥791 of which contained an untrusted PK 🛟9304 is safe 💥8.5% vulnerable rate 🔬Full report: https://t.co/Xyxfgii7j7

🚀 Just one week until @LABScon_io , where @pagabuc and @matrosov unveil our latest research: “PKFAIL: Supply-Chain Failures in Secure Boot Key Management.” 🔬 This research dives into new data insights uncovered since the initial #PKFAIL disclosure, including a brand-new

🎤 Excited to announce @_zaolin_'s demo at Dasharo vPub: "@Binarly_io Risk Hunt: Finding Firmware Vulnerabilities in the Wild!" #Dasharo #FirmwareSecurity #Binarly #RiskHunt #CyberSecurity #Firmware #VulnerabilityHunting 📄 More info:

@_zaolin_ @binarly_io Philipp will showcase the latest updates to Binarly's Risk Hunt platform and demonstrate its capabilities. 🗓️ Sep 12, 19:00 UTC 🎟️ Sign up:

We believe in giving back to the research community that drives progress! We are proud to support OpenSecurityTraining2 in advancing security education and knowledge sharing.

🎉 The all-new Binarly Transparency Platform v2.5 introduces Reachability Analysis to help security teams prioritize vulnerabilities by analyzing the potential reach and impact of exploitable code paths. A game-changer in software security! https://t.co/BOQ1dR2F1V

Wohoo! @binarly_io has just released 2.5 of their platform with some major new capabilities like reachability analysis, custom rules , secret discovery and cryptographic asset discovery, and container support.

Most products that detect secrets do little more than a ‘strings’ looking for certificates and high entropy data. @binarly_io actually does reachability analysis which cuts down on the noise substantially enabling you to focus on what matters.

Thanks to @binarly_io for Sponsoring #OST2 at the Gold🥇 level! Learn more about them here:

We are thrilled to make Chiba public, a centralized management system PoC for racks running OpenBMC. We believe this initiative will enhance transparency within the OEM supply chain. Patch are welcomed! https://t.co/wDAQLXFfu5 @R0yMu @osfc_io @osfw_foundation #chiba #openbmc

The question is whether this key is reused (like the Intel Boot Guard story) across the Intel ecosystem or rotates per CPU generation or product line🍿 Confidential computing? 🔥

Last week, @NIST rolled out new guidance on Post-Quantum Encryption. ⏳The clock is ticking ... “Technology managers can inventory their systems for applications that use encryption, which must be replaced before cryptographically relevant quantum computers appear."

Returned to Cupertino and restarted my FWSEC job today. Was a productive leave and I was able to resolve most of the issues that pushed me into it, but selling everything and moving over the Atlantic just to move back in 4 month is no fun, will try not to repeat this ever again.

Don't miss the rest of today's #DEFCON32 author signings! @mattburrough & @josweyers (Locksport) at 2:30pm. @sk3wl & Kara Nance (The Ghidra Book) at 3:30pm. @matrosov (Rootkits and Bootkits) at 4:30pm. Detailed schedule + map: