👢 Ready for a firmare implants bootcamp? Join Practical Firmware Implants and Bootkits by Mickey Shkatov (Mickey) and @JesseMichael, and create your own bootkit to boot! 🎟️ ringzer0.training/trainings/prac…

Very proud of this latest research coming out of my team here at Eclypsium 🤘 Watch for updates coming from OEMs in the coming days & make sure your BMC network is off the internet (we scanned, didn’t find much). Lock down your internal networks & use remote syslog.

Our team has discovered 3 vulnerabilities in American Megatrends, Inc. MegaRAC Baseboard Management Controller software.These vulnerabilities range in severity & include remote code execution & unauthorized device access w/superuser permissions.More here! bit.ly/3BytkXd

New Year wish is for Russia to fuck off

Are you looking to learn about Bootkits, Rootkits, SMM or UEFI exploitation and debug? With this ringzerø.training && @[email protected] class you will gain hands-on experience in these and more! ringzer0.training/trainings/prac… #RETURN23XPLOIT #offensivesecurity #Training

github.com/n0x08/Conferen… - I just uploaded the slides for my #BlueHat talk

We finally released our research about an 0day RCE we found on the Western Digital PR4100 NAS device. Check it out on our NEW WEBSITE: flashback.sh/blog/weekend-d…

It's no surprise that supply chain security has become a top national priority. In its recently-published SP 1800-34, NIST hones in on one of the most important, challenging aspects of #supplychainsecurity — devices. Here, we highlight the key takeaways. bit.ly/3J5NRFj

New release: #TinyTracer v2.3 : github.com/hasherezade/ti… - with improved syscalls tracing support - now syscalls are automatically mapped to corresponding functions names

Such a loss :(

Attention anyone having an MSI motherboard or computer. MSI just said they were hacked and attackers might have tried modifying BIOS and software updates. Disable all updates from MSI for the time being pcmag.com/news/msi-confi…

ShadowHammer campaign all over again but with MSI now

Eclypsium analysis found a backdoor in Gigabyte systems implementing intentional functionality during system startup. Due to significant #supplychainrisk, we're disclosing this info & defensive strategies on an accelerated timeline >> bit.ly/3N6axIA #supplychainsecurity

Hundreds of models of Gigabyte motherboards, used in gaming and other high-performance computers, have a backdoor in their firmware that invisibly downloads code to the machine at startup—and does so insecurely, leaving the feature open to abuse. wired.com/story/gigabyte…

I found a remote(-ish) memory corruption bug in Intel's BIOS. Bluetooth HID Report parsing is yucky research.nccgroup.com/2023/08/08/int…

Added #downfall detection via content update

I've been getting to know Bluetooth recently, and it is a scary place :) github.com/skysafe/reblog…

found a critical bug that exists in every Linux boot loader signed in the past decade 🥰 github.com/rhboot/shim/co…

If you use llamafile, llama.cpp, llama-cpp-python, Oobabooga, LMStudio or any other software that exposes llama.cpp grammar sampling, I found a few remotely exploitable bugs triggered through a single web request that got patched today. More to come from my work at @Eclypsium

The BadCAM research has been published! Why is this significant? Attackers can now weaponize connected USB peripherals that run Linux and do not validate firmware signatures.