🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Proud from this research ;-) CC: Alex Tereshkin, Jared Candelaria, Max Bazaliy, igoo!, NVIDIA PSIRT nvidia.com/en-us/security…

Looked at Intel implementation of SMM hardening and PPAM last night. Few pointers in a thread. Starting from the official overview, and terms: intel.com/content/dam/ww… - Intel System Resources Defense (ISRD); marketing name of the SMM hardening technology

Enjoyed this talk by ivs at hardwear.io about SMM isolation and bugs in MSFT's implementation youtube.com/watch?v=nOQyZw… A good reference for auditing other implementations. Also, the remark on auditing policies has a point. I bet that kind of issue is going to be found

🧵1 Kc Udonsi and I wanted to say thanks to the people whose CVE discoveries, vulnerability write-ups, and PoCs we used to create the material for #OST2 ost2.fyi/Vulns1001. So thanks go out to the following contributors…

My 2c on the #BlackLotus UEFI bootkit (thanks, ESET Research): - "Exploitation Less Likely" is proven wrong, hope for a new DBX revocation list. - not trusting UEFI CA saves the day yet again. - having a single NV+BS variable as a gateway to booting whatever is a bad idea.

🔥New blog: "The Untold Story Of The #BlackLotus UEFI Bootkit". 🔬Binarly REsearch discovered new interesting data points about the nature of the BlackLotus code. It appears it based on the Umap GitHub (2020) or coincidently arrived at the same ideas. binarly.io/posts/The_Unto…

NVIDIA has released a security bulletin for NVIDIA DGX-2, DGX Station A100, and DGX A100. Thanks to our own NVIDIA Offensive Security Research (OSR) team for: CVE‑2022‑42274, ‑42280, ‑42282, ‑42283, ‑42286, ‑42287, ‑42289, and ‑42290. nvidia.com/en-us/security/.

RISC-V (RISC-V International) Control Flow Integrity (CFI) is coming and I'm proud to be one of the contributors to this important security extension. Full spec is available here: github.com/riscv/riscv-cf…

Bug bounties are broken - the story of "i915" bug, ChromeOS + Intel bounty programs, and beyond Google VRP (Google Bug Hunters) Intel Security How the unspoken problems of bug bounties can be addressed? "Imbalance of Power" is a real problem and it should be changed. blog.pi3.com.pl/?p=931

We enjoyed doing this research, super fun stuff. See you all in Vegas!

Check out the abstract of our upcoming DC talk :) CC: Adam 'pi3' Zabrocki forum.defcon.org/node/245714

What is BMC? Should we care about BMC's security? How easy is it to hack it? You can find all the answers during our talk (CC Alex Tereshkin) at DEF CON at 3:30pm on Saturday ;-) Join us! forum.defcon.org/node/245714 CC: Max Bazaliy, igoo!, NVDA RISC-V FW dude #DEFCON31 #Defcon

🔬OSR Team keeps rocking! Alex Tereshkin and Adam 'pi3' Zabrocki keep digging into BMC and FW rabbit hole. 🔥The main caveat is that most of those discoveries are related to IBVs reference code and impact the entire industry. ⛓️One vendor fix != Industry ⛓️Supply Chain Security is hard!

#LogoFAIL abstract is online! Embargo ends on Dec 6th. LogoFAIL impacting all major IBVs reverence code: AMI, Insyde, and Phoenix. Also, this attack is not silicon-specific but UEFI-specific🔥 and impacts ARM and x86. Kudos to @Binarly_io REsearch team! blackhat.com/eu-23/briefing…

Thanks, Xeno. Those were fun times indeed. Much respect to LegbaCore research! #ResearchRespect

Nice writeup! Thanks guys.

New blog post: Tales from the Call-Gate: An SMM Supervisor Vulnerability labs.ioactive.com/2024/10/tales-… n3k

Found a nice little SecureBoot bypass in a sizable bunch of UEFI firmwares, will share the details when able. Meanwhile, this is the SHA2-256 of the PoC tool to trigger it: 530584749f90d187ac20f77c6d4bb2e09ec1c852090962dfab01c4274a8a6d2d

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…