LogoFAIL: Security Implications of Image Parsing During System Boot
Bio:
Alex Ermolov leads supply chain security research & development at Binarly Inc. With more than 10 years of experience in researching low-level design, firmware and system software built for various platforms and architectures, he helps to create a solution for protecting devices against firmware threats.
Content:
Everyone loves to customize and personalize their own devices: from text editors to background pictures, from operating systems to keyboard shortcuts, each device is almost unique. One of the most exotic customizations, done either for personal tastes or for company branding, is personalizing the logo displayed by the BIOS during boot. But what are the security implications of parsing user-supplied (a.k.a. "attacker-controlled") logo images during boot? Aren't we jumping back straight to 2009, when Rafal Wojtczuk and Alexander Tereshkin exploited a BMP parser bug in UEFI reference code… right?!
Enter LogoFAIL, our latest research revealing significant security vulnerabilities in the image parsing libraries used by nearly all BIOS vendors to display logo images during boot. Our research highlights the risks associated with parsing complex file formats at such a delicate stage of the platform startup. During this talk, we will show how some UEFI BIOSes allow attackers to store custom logo images, which are parsed during boot, on the EFI system partition (ESP) or inside unsigned sections of a firmware update. We also shed light on the implications of these vulnerabilities, which extend beyond mere graphical rendering. In fact, successful exploitation of these vulnerabilities allows attackers to hijack the execution flow and achieve arbitrary code execution. LogoFAIL vulnerabilities can compromise the security of the entire system rendering "below-the-OS" security measures completely ineffective (e.g., Secure Boot). Finally, our talk will include a detailed explanation of how we successfully escalate privileges from OS to firmware level by exploiting a real device vulnerable to LogoFAIL.
We disclosed our findings to different device vendors (Intel, Acer, Lenovo) and to the major UEFI IBVs (AMI, Insyde, Phoenix). While we are still in the process of understanding the actual extent of LogoFAIL, we already found that hundreds of consumer- and enterprise-grade devices are possibly vulnerable to this novel attack.
Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security
Bio:
Alex Matrosov is CEO and Founder of BInarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. Alex has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE). Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community.
Content:
Baseboard Management Controllers (BMC) possess unparalleled administrative authority over server systems, making their security imperative. Yet, surprisingly, the protocols and software employed in BMCs are often antiquated and riddled with vulnerabilities. Our team at Binarly REsearch has unearthed multiple vulnerabilities of critical and high severity in the Supermicro Intelligent Platform Management Interface (IPMI). These vulnerabilities have the potential to enable persistent control over not only the BMC itself but also the host operating system and host system firmware. At the moment, more than 70,000 endpoints are known that can be attacked remotely using the discovered vulnerabilities.
The peculiarities in BMC software development often pose a unique challenge to hardware vendors. They have to incorporate elements like a web server for interaction with external users, an area where they may lack expertise. Coupled with limited development resources and an unawareness of common web attacks, this often leads to serious issues in system security. In fact, even today, one can discover critical vulnerabilities in BMC firmware that are susceptible to attacks devised two decades ago, such as OS command injection and DOM-based Cross-site scripting. This susceptibility is often a by-product of inadequate user input filtering.
In our presentation, we aim to dissect common attack surfaces against BMC-utilizing devices and the potential ramifications of these attacks. We will share discoveries from our intensive investigation of the Supermicro IPMI, shedding light on the persisting vulnerabilities and their profound implications on overall system security. We will also go through the fundamental safety rules for setting up BMC systems and explain their importance.
CTO & Co-Founder at "ViperX", Red Team and Security Research company. Conducting activities to protect high risk unsafe assets, simulating real-world attacks to test the effectiveness of the security posture of an organization. We are comprehensive and often involve exploiting various systems, Vulnerability Researching, Social Engineering, Physical/Remote Security tests, and more.
Cyber Security Specialist with more than 7 years of experience in Pentesting, Vulnerability Researching, and Exploit Development. Since 17 years old are practicing Advanced Exploitation (Linux & Windows), Reverse Engineering, Malware Analysis, and Programming.
Content:
Esta palestra tem como o foco cobrir parte da história de vulnerabilidades, que até hoje aterrorizam o driver AFD.sys. Também, apresentaremos o seu reversing de IOCTL's juntamente com a explicação técnica da CVE-2023-21768 (Arbitrary Write 0x1), que utiliza da implementação de I/O Rings como método para ataques de Privilege Escalation.
Por fim, a ideia principal do conteúdo tem como explicar novas metodologias de exploração em versões mais recentes no Kernel do Windows, e expôr novas possibilidades de estudos na área sobre vulnerabilidades do tipo "Arbitrary Write".
After a few years of incident response in a very large and crazily diverse environment, Brian has changed back into a more offensive area. Focusing on operational technology and the railway sector, he’s applying his knowledge from past projects in the areas of embedded-, hardware-, mobile- and telecommunications-security to ginormous vehicles driving at high speeds and everything surrounding them. While combining a closed environment and good old hacking spirit results in a fair amount of challenges, he’s doing his best to fuse both world together and carry on sharing fun insights.
Content:
For a few years now AEDs, Automatic External Defibrillators, have spread around Germany, extending the options normal people have while administering first aid. The idea is simple: The AED measures all necessary heart parameters (ECG, ElectroCardioGram) automatically and only allows the defibrillator to function, when helpful. Most of them have a display giving instructions, many of them provide audio instructions, in addition to monitoring the heart, this requires a bit of firmware.
During the talk we will take a look into a Paramedic CU-ER1 AED. While not being the newest model, it supports transferring data to a PC via Serial, serial printers, SmartMedia cards and firmware updates…and as such quite an interesting attack surface.
The talk will cover both the fun analog electronics for generating the shocks and the control hardware and software. If the airline doesn’t mind, the AED will be on stage and might show a trick or two
Keynote: From student of compilation to mother of decompilation
Bio:
As Vice President of Oracle's Software Assurance organisation, I lead a team of world-class security researchers and engineers whose passion lies in solving the big issues in Software Assurance. Our mission is to make application security and software assurance, at scale, a reality. We enjoy working with today's complex enterprise systems composed of millions of lines of code, variety of languages, established and new technologies, to detect vulnerabilities and attack vectors before others do. Automation is important, so are security assessments.
Cristina was the founding Director of Oracle Labs Australia in 2010, a team she led for close to 12 years. As Director of Oracle Labs Australia, I led a team of world-class Researchers and Engineers whose passion lies in solving the big issues in Program Analysis. Our team specialises in software vulnerability detection and developer productivity enhancement – in the context of real-world, commercial applications that contain millions of lines of code. My team successfully released Oracle Parfait, a static analysis tool used by thousands of C/C++/Java developers each day. Our inventions have resulted in dozens of US patents at Oracle and Sun Microsystems, and our impact on program analysis is well known through our active participation and publication record.
Cristina’s passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at the Queensland University of Technology, which led to her being named the Mother of Decompilation for her contributions to this domain. In an interview with Richard Morris for Geek of the Week, Cristina talks about Parfait, Walkabout and her career journey in this field.
Before she joined Oracle and Sun Microsystems, Cristina held academic posts at major Australian Universities, co-edited Going Digital, a landmark book on Cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering.
Cristina continues to play an active role in the international programming language and software security communities. Where possible, she channels her interests into mentoring young programmers through the CoderDojo network and mentoring women in STEM.
Content:
Having worked on a machine code interpreter for the Modula-2 language for my Compilers project in 1990 and later integrating it into a mixed GPM Modula-2 compiler/interpreter for the 8086 during the summer of 1990-91 meant that I was familiar with assembly language and had a notion of transforming an intermediate representation into executable assembly code. Enjoying compilers and hearing about the latest viruses that were becoming popular in DOS binaries raised my interest in looking into binaries/executable programs to determine how to reverse compile them back into a high-level language representation, to be able to aid with an automated tool in understanding what the virus code was doing. And hence I enrolled in a PhD in April 1991.
29 years ago, in July 1994, I submitted my PhD thesis on "Reverse Compilation Techniques". Little did I know that such a fun project, looking into 80286 DOS binaries and reading assembly, drawing graphs of groups of assembly instructions, understanding how parameters were passed in assembly language, determining what optimising compilers would do to optimised parameters and code, following variables through a function and the whole program to understand data flows and how variables were stored on the stack or memory; would result in techniques that would be picked up in the 2000s with the growing interest in application security.
In this informal talk I give a retrospective on the decompilation PhD work, the growing interest on this technology throughout the past two decades, examples of commercial uses of decompilation, and conclude with a bit on ColdPress, a malware analysis tool that makes use of decompilation.
INCEPTION: Exposing New Attack Surfaces with Training in Transient Execution
Bio:
Daniël Trujillo is a PhD student in Computer Science at MIT, focusing on microarchitectural security. He holds a MSc from ETH Zürich and a BSc from VU Amsterdam, both in Computer Science. His research includes hardware reverse engineering and transient execution attacks on commodity CPUs. He recently won an ETH Medal for his Master’s thesis, which resulted in security patches on all systems with an AMD CPU produced since 2017.
Content:
To protect against transient control-flow hijacks, software relies on a secure state of microarchitectural buffers that are involved in branching decisions. To achieve this secure state, hardware and software mitigations restrict or sanitize these microarchitectural buffers when switching the security context, e.g., when a user process enters the kernel. Unfortunately, we show that these mitigations do not prevent an attacker from manipulating the state of these microarchitectural buffers in many cases of interest. In particular, we present Training in Transient Execution (TTE), a new class of transient execution attacks that enables an attacker to train a target microarchitectural buffer after switching to the victim context. To show the impact of TTE, we build an end-to-end exploit called INCEPTION that creates an infinite transient loop in hardware to train the return stack buffer with an attacker-controlled target in all existing AMD Zen microarchitectures. INCEPTION leaks arbitrary kernel memory at a rate of 39 bytes/s on AMD Zen 4 despite all mitigations against transient controlflow hijacks, including the recent Automatic IBRS.
Before joining the University of Illinois Information Trust Institute (ITI) in 2011, Edmond Rogers was actively involved as an industry participant in many research activities in ITI’s TCIPG Center, including work on CyPSA Cyber Physical Situational Awareness, NetAPT (the Network Access Policy Tool) and LZFuzz (Proprietary Protocol Fuzzing). Rogers also has developed and delivers customized training on ICS defense at the TCIPG Summer School and to utilities directly. Rogers leverages his wealth of experience to assist ITI researchers in creating laboratory conditions that closely reflect real-world configurations. Rogers has spoken across the world regarding defense of critical infrastructure at conferences such as, Bsides London, H2HC, Blackhat, Defcon, BsidesLV, Troopers, BerlinSides and he is currently the president of Hackito Ergo Sum.
Content:
Think for a minute what could be done if instead of code review we could observe the behavior of data allocations as they occur in a running kernel. In this talk we will discuss techniques and tools we use to profile kernel allocations. The ocean is boiled thanks to engineering improvements to memorizer https://fierce-lab.gitlab.io/memorizer/dashboard/index.html including engineering a port memorizer to the version 6 kernel. Allocation data can provide a ground truth allowing for attestation of all of the interactions that a running software has during its execution in the operating system. We will also demonstrate what kind of data visualizations are possible with kernel allocation data. We will then go through a use case showing the value of a buss sniffer for kernel ring0 allocations.
Eduardo Vela knew almost nothing about CPU bugs a few years ago. Due to a series of unfortunate events, he managed to get involved in the security response for several CPU vulnerabilities, and how to fix them at Google, and in the meantime, had to learn how all this works. Besides overall vulnerability response at Google, Eduardo also does Linux Kernel security, Web security and overall Application Security in general. He believes that CPU research is most similar to Web security from all other fields, and challenges anyone a beer if they can change his mind.
Content:
You can start researching CPU bugs today! CPU bugs and hardware bugs in general have an aura of being hard targets to test and experiment with. That's an illusion. Everyone can do it. By the end of this talk, you'll know enough to bootstrap your own security research and have all the resources you need to start experimenting with architectural bugs. I'll share my own experience learning about CPU security from my amazing colleagues, and how we've navigated the exciting space of architectural and microarchitectural security vulnerabilities!
The Plague of Predictable Transient Numeric Identifiers
Bio:
Fernando Gont is currently Staff Platform Security Engineer at Yalo.
Gont has over twenty years of industry experience in the fields of Internet engineering and information security, working for private and governmental organizations from around the world.
Before joining Yalo, he was a security consultant and researcher at SI6 Networks, Director of Information Security at EdgeUno, and consulted for organizations such as the UK National Infrastructure Security Co-ordination Centre (NISCC), the UK Centre for the Protection of National Infrastructure (CPNI), and Huawei Technologies Ltd..
Content:
During the last 35 years, a large number of implementations of IETF protocols have been subject to a variety of attacks, with effects ranging from Denial of Service (DoS) or data injection to information leakages that could be exploited for pervasive monitoring. The root cause of these issues has been, in many cases, the poor selection of transient numeric identifiers in such protocols.
In this presentation, Fernando will illustrate the security and privacy implications of predictable transient numeric identifiers using a sample of flawed identifiers from different layers, and walk the attendee through the analysis and mitigation of the associated vulnerabilities. Finally, Fernando will discuss recent work carried out by the IETF and IRTF in this area, aimed at changing the course of history for transient numeric identifiers of new protocols and implementations.
SQLi to Root Access: Exploiting a ISP infrastructure
Bio:
My name is Ignacio, I am 25 years old and I am from Río Cuarto, Argentina. Ethical Hacker/Application Security. I started to enter the world of infosec about 6 years ago.
My interests include code analysis, webapps security and cloud security. Speaker at Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.
Content:
What if we play with the ISP? In this talk I am going to tell you how one day, something that started as a simple SQL injection, going through LFI, RCE, ended up in a pwn of an internet provider in my country that affected more than 25 cities, being able to intercept user traffic and other stuff.
Johannes is a 3rd year PhD student at the COMSEC group in ETH Zurich and researches branch (mis)prediction, primarily on x86 processors. After 4 years working in industry as a software engineer, he returned to academia to study microarchitectural security. Since then, his work has led to the security patching of processor microcode, operating systems, and web browsers.
Content:
Violating the Von Neumann sequential processing principle at the microarchitectural level is commonplace to reach high performing CPU hardware — violations are safe as long as software executes correctly at the architectural interface. Speculative execution attacks exploit these violations and queue up secret-dependent memory accesses allowed by long speculation windows due to the late detection of these violations in the pipeline. In this paper, we show that recent AMD and Intel CPUs speculate very early in their pipeline, even before they decode the current instruction. This mechanism enables new sources of speculation to be triggered from almost any instruction, enabling a new class of attacks that we refer to as Phantom. Unlike Spectre, Phantom speculation windows are short since the violations are detected early. Nonetheless, Phantom allows for transient fetch and transient decode on all recent x86-based microarchitectures, and transient execution on AMD Zen 1 and 2. We build a number of exploits using these new Phantom primitives and discuss why mitigating them is difficult in practice
Ghostbusting with CodeQL: finding gadgets for transient execution bugs
Bio:
Jordy Zomer is a security engineer at Google with expertise in vulnerability research, kernels, and static analysis. He is currently exploring the world of microarchitectural security and finding ways to apply his knowledge to this field.
Content:
Practical exploitation of transient execution bugs poses new challenges in comparison to traditional vulnerabilities such as memory corruptions. To exploit a program, an attacker must identify the most exploitable code paths, control sufficient data and registers, and devise a reliable way to send the signal via a side-channel (usually called gadgets). CPU vulnerabilities that require gadgets are often assessed as lower impact because finding useful gadgets is difficult. CPU and OS vendors have agreed to fix gadgets on a case-by-case basis (e.g., Spectre V1, L1TF), but this approach does not scale for gadgets found by tools and requires manual analysis. Using CodeQL, we modeled the patterns for these gadgets as queries and used data flow analysis to find flows from user-controlled data to the gadgets. This reduced the search space significantly and made it possible to find gadgets that would otherwise have been difficult to discover and verify. This approach enabled us to find many potentially exploitable gadgets, including one that was actually exploitable.
Jorge é CTO da Ret2One, empresa de infosec brasileira, um dos mais jovem a palestrar na H2HC com apenas 16 anos, membro da Epic Leet Team e pesquisador de vulnerabilidades focado e especializado em navegadores.
Content:
O Chrome vem criando mitigações e hardenizações cada vez mais fortes e rígidas, principalmente para o v8, por ser o alvo mais visado para explorar o render process, nessa palestra vamos estudar a fundo as mitigações e sandboxes implementadas até então e explorar uma nova técnica que será explanada durante a palestra abusando da confiança do assembly, gerado pelo LiftOff, dentro da v8 Cage. Life and death of an Chrome/v8 attacker.
Organizer of the Defcon Car Hacking Village and also of the H2HC Car Hacking Village
Content:
Bluetooth has been a popular target for car hackers in the past few years, and lots of great vehicle security research featuring Bluetooth vulnerabilities have been published by researchers all around the world. While Bluetooth is used in much more than just vehicles, automotive Bluetooth security research has led to some very creative exploits in recent history. Bluetooth security research is complicated, however, since Bluetooth is a complicated protocol! (It's actually a bunch of smaller protocols wearing a large trench coat) This talk will introduce participants to the different types of Bluetooth vulnerabilities that exist, and explore the nuances of exploiting Bluetooth at different layers. We will also introduce resources for developing Bluetooth exploits, fuzzing Bluetooth interfaces, and finding targets for hacking Bluetooth in cars.
Marc "vanHauser" Heuse has been active in IT security for over 25 years, conducting security assessments for international firms to uncover vulnerabilities in their systems.
He founded the research group "The Hacker's Choice," which has published a variety of well-known security tools and information and is also the founder of the development group AFLplusplus, which has developed the world's most reputable fuzzing software.
Having authored numerous renowned security programs, including Hydra, AFL++, SuSEfirewall, thc-ipv6 and many others, he has made a name for himself.
He currently works as a team lead for code assurance at SRLabs in Berlin.
Content:
Whether you're a blockchain enthusiast or skeptic, the distinctive challenges and risks presented by blockchains are undoubtedly captivating.
While much of the security discourse often revolves around smart contract analysis, this presentation delves into the assessment of the blockchains themselves. The stakes are high: a simple glitch could bring an entire blockchain to a halt, and subtle discrepancies between node implementations can lead to unintended forks. Notably, memory safe development languages do not fully mitigate these concerns.
Building upon our extensive experience — with insights from several hundred reported blockchain security incidents we reported — we've pinpointed prevalent vulnerabilities.
In this talk, we will present the potential ramifications of each vulnerability and show strategies to detect them. Furthermore, we will demonstrate techniques to fuzz blockchains and share our open-sourced tools designed for this purpose.
Matt is a vulnerability researcher at L3 Harris Trenchant
Content:
Here we consider the mechanism for freelist hardening incorporated into the Linux kernel in April 2020 corresponding to the configuration parameter CONFIG SLAB FREELIST HARDENED.
We are motivated by the following question: does this mechanism deter a real-world attacker?
I have been working for +17 years as Security Researcher and Exploit Writer writing exploits for multiple platforms, specially for Windows kernel (and related to).
Besides, I researched and presented many offensive security projects in different security conferences.
Content:
For years, Microsoft has put a lot of effort to mitigate privilege escalation attacks (EoPs), either by protecting user (like Windows services) or kernel (via different mitigations). Most of the work has been done to prevent that unprivileged users get elevated permissions like SYSTEM (something easily reachable running as Administrator).
Despite of that, new attack techniques continue appearing in the wild, which means offensive security researchers continue evolving, even at the time you are reading this...
In this talk, I'm going to present a usermode design flaw that I've recently found, which it's the combination of a Windows dark ""functionality"" (recently revealed by Google Project Zero guys) and an insufficient check, which allows to escalate privileges from Medium to High integrity level (or kind of) in a deterministic way (reliability of 100%).
During this presentation, I'll explain the source of the problem and I'll show an alive demo with a full working exploit (launching a Calculator/Notepad running as Administrator from Medium IL) in the latest Windows version.
The vulnerability is still present in the latest versions of Windows 10 (22H2), Windows 11 (22H2) and Windows 11 (23H2 - not released yet), which has been recently reported to Microsoft.
Two transient execution vulnerabilities you have probably not heard about: Snoopy and CRAP
Bio:
Pawel Wieczorkiewicz is a Security Researcher at Open Source Security Inc., a company developing the state-of-the-art Linux kernel hardening solution known as grsecurity. His research focuses on offensive security aspects of transient and speculative execution vulnerabilities, side-channels, and the effectiveness of defensive mitigations in OSes and hypervisors. Pawel's deep interest in low-level security of software and hardware has resulted in the discovery of a number of vulnerabilities in AMD and Intel processors in addition to the Linux kernel and Xen hypervisor system software.
Content:
There is a plenty of well-known transient or speculative execution vulnerabilities out there, you have probably heard a lot about: Meltdown, Spectre and more recent Downfall to name a few.
Sometimes, however, a little less impactful vulnerability gets published and completely misses the spotlight. This was the case for the two vulnerabilities we will discuss in this talk:
* Intel's CVE-2020-0550 Snoop-assisted L1 Data Sampling (aka Snoopy)
While less famous, they are both quite interesting from a technical standpoint: exploitation as well as root causing requires quite niche CPU microarchitecture knowledge.
In this talk I will discuss details about these two bugs and share what I learned about dark corners of CPU microarchitecture while discovering and/or reporting them.
LLVM CFI and Cross-Language LLVM CFI Support for the Rust Compiler
Bio:
Ramon is an Information Security Engineer at Google, working with vulnerability research and mitigations development. He is also an early developer and longtime contributor of Metasploit, and Lead of the Exploit Mitigations Project Group of the Rust compiler.
Previously, he worked as a Principal Software Engineer at Blizzard, member of the Game Security Engineering Team, working embedded with the game development teams, where he worked on games such as Diablo, StarCraft, WarCraft, and World of Warcraft.
Before working professionally with information security, he participated in some subcommunities/subcultures of The Scene, and also co-founded one of the earliest vulnerability research groups in Brazil.
Content:
As the industry continues to explore Rust adoption, cross-language attacks in mixed-language binaries (also known as “mixed binaries”), and critically the absence of support for forward-edge control flow protection in the Rust compiler, are a major security concern when gradually migrating from C and C++ to Rust, and when C or C++ and Rust -compiled code share the same virtual address space.
In this talk we'll share the results of working with the Rust community to add LLVM CFI and cross-language LLVM CFI (and LLVM KCFI and cross-language LLVM KCFI) to the Rust compiler as part of the work in the upstream Rust Exploit Mitigations Project Group.
Never let good research go to waste: frustrating bounty experiences might make good conference talks
Bio:
Hi, I'm Reginaldo Silva, and I'm a software engineer who is passionate about security, and also a security researcher who builds software, depending on who you ask. The fact is that I've been programming and generally hacking computers since my early teens. My past research was one of the reasons most XML libraries come with external entity resolution disabled by default these days.
I worked at Meta from 2014 to 2020, both as a security engineer and as a software engineer. After I found a remote code execution bug in the main web server, they decided it was more economically viable to give me a job than to keep paying bounties one by one. I returned to Brazil in 2020 and was director of security at VTEX, the Brazilian digital commerce multi-national, back in 2021, and guided the company security posture during the IPO process. After leaving VTEX, I've been dedicating myself to security research and bug bounties yet again.
Content:
I'm going to talk about some of my most interesting findings from 2023, affecting LibreOffice and GNU tar. The talk is going to be a bit meta, more about the thought process that goes into finding these sort of bugs than on the issues themselves. I believe a security person is made of a twisted mind and a bag of tricks, and the first is way more important. An interesting aspect of my talk is that, even though the issues are in C/C++ software, they're not about memory corruption, but business logic. There will be interesting stories about reporting to the vendors and open research questions that people can tackle if they're interested.
From 1999, Shay has been serving as a professor of mathematics at the university of Haifa, and nowadays he is running a security program for the MBA program of the university’s Business School. Shay spent 12 years at Intel (2005-2017) as a Sr. PE, the Chief Core Cryptography architect, where he had the opportunity to work on architecture, microarchitecture and low-level software optimization for cryptographic libraries. He was blessed with the opportunity to execute the architecture and hardware of many instructions that are now part of the x86-64 Intel (and AMD) cores, and trickled to ARM. Here are a few: AES-NI, PCLMULQDQ, AVX ternlog, Vector-AES, Vector-PCLMULQDQ, VPMADD52, GF-NI. Shay designed and implemented the SGX below-ISA cryptography and the Memory Encryption Engine. He worked on software side channels and on optimized crypto code (search him in OpenSSL and BoringSSL).
In May 2017, Shay moved to AWS as a Sr. PE for cryptography. He worked on cloud scale crypto algorithms (e.g., KMS modes of operation) cryptographic strategy (e.g., AWS-LC) and post quantum strategy.
In April 2023 Shay moved to Meta, as a Distinguished Engineer, where he is now, leading a cross-company effort on crypto policies, performance and innovation.
Shay has lots of collaborations. Together with Yehuda Lindell from Bar-Shaylan university and Adam Langley from Google, he is a co-author on AES-GCM-SIV (RFC8452). Shay is a co-submitter of the Key Encapsulation Mechanism BIKE BIKE - Bit Flipping Key Encapsulation, which is a Round 4 alternative finalist in the NIST post quantum standardization project. Together with Nir Drucker and Dusan Kostic, my former Ph.D. students, Shay crafted and am maintaining the Additional Implementation (portable, optimized and constant time) of BIKE in this git repository.
Content:
In this talk, I will discuss some crypto acceleration techniques, namely algorithms, software optimizations and processor instructions, and show how they have changed the performance characteristics of symmetric key and public key cryptographic schemes and have impacted the selection of schemes in protocols such as TLS. Examples include, AES-GCM, AES-GCM-SIV, RSA, ECDSA with NIST P-256 curve.
I will explain recent developments where crypto acceleration instructions appear in “vectorized” (SIMD) versions that support processing up to 4 independent input streams in parallel, and additional instructions, namely GF-NI, that have been added to x86-64 architectures and can be useful as building blocks for symmetric key cryptography.
GatoROM: A New Attempt at Solving ROM Bit Ordering
Bio:
Travis Goodspeed is a reverse engineer of embedded systems from East Tennessee who has been boiling chips in acid and photographing their ROMs, as well as making the CAD software necessary to reverse engineer them. His passport was once lost by the consulate when applying for a Brazilian visa, but after a good cut of picanha, who could hold a grudge?
Content:
Brief Summary:
Presents a CLI tool and C++ library for solving the conversion from physically-ordered ROM bits to logically-ordered bytes. Matched against an interactive CAD tool, this allows a reverse engineer to work from photographs of a ROM back to a binary file that can be disassembled or emulated.
Abstract:
Many microcontrollers and smart cards hold their software in a permanent, mask-programmed ROM. Reverse engineers can photograph this ROM under a microscope and extract its physically-ordered bits into an ASCII art portrait, but to get bytes in logical order, they must solve the puzzle of the bit ordering.
After a brief introduction to ROM photography, I will present GatoROM, my recent attempt at a CLI tool and C++ library for decoding ROM bit ordering. With a little luck and a few pull requests, it's on track to automatically decode the majority of ROM dumps by identifying common opcodes, ASCII text, and interrupt tables.
Keynote: The story of UEFI (and its security mitigations)
Bio:
Vincent Zimmer is a Senior Principal Engineer in the Software and Services Group at Intel Corporation. Vincent Has been developing firmware for the last 25+ years and has led the efforts in EFI, now UEFI, security since 1999. In addition to chairing the UEFI Security Subteam in the UEFI Forum www.uefi.org and writing specifications and papers, Vincent has written several books on firmware https://www.amazon.com/Vincent-Zimmer/e/B002I6IW4A/. Vincent has spoken at several events, including Cansecwest, BSides, Toorcamp, Open Compute, and the Intel Developer Forum. Vincent also coordinates efforts on the EDKII security http://www.tianocore.org/security/ and represents Intel for the UEFI Security Response team www.uefi.org/security
Content:
This is a keynote talk that will cover Vincent's journey, from UEFI inception to the modern interations, with a focus on the security features and ecosystem.
Blue2thprinting (blue-[tooth)-printing]: answering the question of 'WTF am I even looking at?!'
Bio:
Prior to working full time on OpenSecurityTraining2 (ost2.fyi), Xeno worked at Apple designing architectural support for firmware security; and code auditing firmware security implementations. A lot of what he did revolved around adding secure boot support to the main and peripheral processors (e.g. the Broadcom Bluetooth chip.) He led the efforts to bring secure boot to Macs, first with T2-based Macs, and then with the massive architectural change of Apple Silicon Macs. Once the M1 Macs shipped, he left Apple to pursue the project he felt would be most impactful: creating free deep-technical online training material and growing the newly created OpenSecurityTraining 501(c)(3) nonprofit.
Content:
If one wants to know (for attack or defense) whether a Bluetooth (BT) device is vulnerable to unauthenticated remote over-the-air exploits, one needs to be able to query what firmware or OS the target is running. Unfortunately there is no universally-available method to get this information across all BT devices. There is also no past work that attempts to rigorously obtain this information. Therefore we have created the "Blue2thprint" project to begin to collect "toothprints" (2thprints) of BT devices, and bring the exciting world of forensic odontology to you!
This research discusses what information is readily available by existing inquiry tools and methods. We show how that information is not what we need, as it has been focused more on tracking individual devices, or on exposing device characteristics, models, and manufacturer information. We will show how some readily-available information *is* useful for giving partial answers about firmware and OS versions, but how this information is completely inconsistent in its availability or meaning. It turns out many 2thprints are missing teeth!
Thus we'll show why it is necessary to send custom packets and packet sequences in order to build more robust 2thprints. These custom packets and sequences cannot be created by using existing BT software interfaces. They require utilizing custom firmware on the packet-sending device.
This research will present a new state-of-the-art when it comes to exposing the known, the unknown, and the under-known of BT device identification. And it will show what work remains, before we can approach 100% identification for any random device that shows up in a BT scan.