Eclypsium researchers discovered #BootHoleVulnerability in the GRUB2 bootloader that can be used to gain arbitrary code execution on majority of Linux and Windows based systems, even when they are not using GRUB and Secure Boot is enabled. bit.ly/3g9AYuk

The first part of liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative and discuss techniques to reverse, debug and fuzz UEFI drivers labs.sentinelone.com/moving-from-co…

Easy to unpack any SPI dump with CHIPSEC : chipsec_util decode spi.bin

Use CHIPSEC to play with UEFI variables. Lots of cool stuff there. OS sees a lot fewer variables that there is stored in NVRAM

TrickBot Now Offers ‘TrickBoot' Vitali Kremez @IntelAdvanced and @Eclypsium have discovered a new module in the TrickBot toolset aimed at detecting UEFI / BIOS firmware vulnerabilities, enabling #malware to persist, brick, and profit. #TrickBoot bit.ly/33DO1Qd

I give you the cyberpunk #badgelife Christmas tree of my dreams 🎄☠️ Happy Holidays, everyone!!!

. Eclypsium and CHIPSEC badges 🎉

Now, cross your fingers and pass this address as an additional argument to the CHIPSEC command. If all goes well, CHIPSEC should now be able to scan the boot script for any potential call-out vulnerabilities. Disclaimer: I only tried this on my own computer. Use at your own risk!

CHIPSEC now exposes the common.smm_code_chk module that verifies MSR_SMM_FEATURE_CONTROL is configured properly to mitigate SMM callout vulnerabilities.

Great point. Can also think of improving s3bootscript module to dump NVRAM directly (rather than read from runtime) and look up the AcpiGlobalVariable in NVRAM

Added new module to dump and parse the Windows SMM Mitigations Table.

Yep, CHIPSEC has TPM interface too: chipsec_util.py tpm help No ROCA test yet? #TPM15minsOfFame

Want to make your own persistent rootkit? Just sign your native windows binary with one of Hacking Team's revoked code signing certificates and you are all set! eclypsium.com/2021/09/20/eve… Certificate: bit.ly/3CBTfLE