2013 saw the disclosure of the most BIOS vulnerabilities ever. Mostly due to our research. Mostly due to the fact that where people don't look, problems fester. The problem is, defenders typically don't track BIOS bugs the way they track the latest patch tuesday reports. Which means your enterprise is almost certainly rife with BIOS bugs, and you don't even know it. This talk will be a quick run through the BIOS vulnerabilities & PoC malware that have been disclosed in the last couple years, and what you can concrete steps you can take to start performing BIOS vulnerability checking, and integrity checking, to protect yourself or your company.
Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.
Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.