Open Source Firmware Foundation
@osfw_foundation
Santa Clara, California. USA
Joined August 2020
Big News! @Siemens officially joined the Open Source Firmware Foundation as a Founding member. Welcome - and thank you for supporting us!
Vendors often emphasize their strong commitment to vulnerability resilience and a secure-by-design philosophy. However, achieving these goals is incredibly challenging when you don’t have control over the entire ecosystem and simply build on top of it.
🎉 The all-new Binarly Transparency Platform v2.5 introduces Reachability Analysis to help security teams prioritize vulnerabilities by analyzing the potential reach and impact of exploitable code paths. A game-changer in software security! https://t.co/BOQ1dR2F1V
We believe in giving back to the research community that drives progress! We are proud to support OpenSecurityTraining2 in advancing security education and knowledge sharing.
Thanks to @binarly_io for Sponsoring #OST2 at the Gold🥇 level! Learn more about them here:
🚨 #PKfail has been assigned CVE-2024-8105. Today, CERT/CC also published VU#455367: https://t.co/izw4OPMb2m Full story: https://t.co/cWRWn9fLSD Detection tool: https://t.co/5vCoZKbPR5
https://t.co/DCPk0kA8Ov
The question is whether this key is reused (like the Intel Boot Guard story) across the Intel ecosystem or rotates per CPU generation or product line🍿 Confidential computing? 🔥
Intel HW is too complex to be absolutely secure! After years of research we finally extracted Intel SGX Fuse Key0, AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX. Here's the key from a genuine Intel CPU😀
Don't miss the rest of today's #DEFCON32 author signings! @mattburrough & @josweyers (Locksport) at 2:30pm. @sk3wl & Kara Nance (The Ghidra Book) at 3:30pm. @matrosov (Rootkits and Bootkits) at 4:30pm. Detailed schedule + map:
Try https://t.co/5vCoZKbPR5 Risk scanner based on the same Binary Intelligence engine as our Transparency Platform.
We’re thrilled to announce the launch of our new products at #BHUSA! Today, we introduced the #BinaryRiskHunt free scanner for UEFI FW, which can detect #PKfail, #LogoFAIL, and numerous other vulnerabilities. Get your SBOM with transitive dependencies! 🔬 https://t.co/xLzvSiydFC
"PKFAIL: Supply-Chain Failures in Secure Boot Key Management" -- coming to @LABScon_io 🎉 👏Kudos to Binarly REsearch Team! /cc @pagabuc @matrosov Something in the air, stay tuned🍿
🚨New! "PKFail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem." #PKfail is a supply-chain issue affecting x86/ARM devices around the globe. Blog: https://t.co/YteIzWpWrd Full report: https://t.co/w0jGB4wCYa A free scanning tool: https://t.co/22bIbLIFp0
#Scholarships available! #OSFC2024 💪 You still have time to apply for our scholarship program. Attendee Scholarship: https://t.co/ZQje7xkb1S And in the #CFP application process you can find more information about the speaker scholarship program: https://t.co/63w8nf53Rk
The state of the system firmware security requires a significant secure-by-design push. 🔥BRLY-DVA-2023-027: AMI SMM arbitrary code execution CVSS: High https://t.co/Tx4RVZpmlF 🔥BRLY-DVA-2023-028: AMI SMM memory corruption vulnerability CVSS: High https://t.co/yqhfBi4v9O
github.com
Binarly Vulnerability Research Advisories. Contribute to binarly-io/Vulnerability-REsearch development by creating an account on GitHub.
We had an incredible time at #RSAC with the @Binarly_io team! 🤙 This year's RSAC demonstrated how AI is swiftly adding layers of complexity to all existing software stacks, thrusting supply chain security into the spotlight. New types of threat actors who defy conventional TTPs
Two more days until Volume 2 of OSFF ByteTalks. This time we invited @OrangeCMS, and he introduces us to the topic: "From Hardware Design to Rich OS with No Code". Mark it in your calendars, May 2nd, 09.00AM PT, 06.00PM CET, 10.30PM IST More info: https://t.co/S3npnb6OEr
Proud of the team! We deployed generic IFUNC implantation detection in less than 24 hours with close to zero false positives. This demo shows our binary code intelligence engine in action by detecting the implantation of a backdoor in the crc64_resolve() function. This
@antitree Our Transparency Platform has already deployed the detection. This specific case with such a backdoor implantation is tricky and possible only with deep code analysis for validation to reduce the FPs and not overwhelm security teams with alert fatigue.
Today there will be a public OSFF call. If you'd like to join in, check out the details at https://t.co/VtSRoVror2 See you there!
osfw.foundation
Open-Source Firmware Foundation is a non-profit organization dedicated to the development and promotion of open-source firmware.
@vincentzimmer and @abarjodi talking about "Intel FSP Customizations" live now on @osfw_foundation ByteTalks. Join in via https://t.co/5snCqay5Ep or watch the recording later on!
Reminder: OSFF ByteTalks Vol. 1 "Intel FSP Customization - Remove non mandatory components in the Intel FSP" is happening Thursday: 9.00am PT, 6pm CET, 10.30pm IST. Check out all the details here: