Betting BIOS Bugs Won't Bite Y'er Butt?

ShmooCon XI - 2015

Presented by: Corey Kallenberg, Xeno Kovah
Date: Friday January 16, 2015
Time: 18:00 - 18:25
Location: One Track Mind

2013 saw the disclosure of the most BIOS vulnerabilities ever. Mostly due to our research. Mostly due to the fact that where people don't look, problems fester. The problem is, defenders typically don't track BIOS bugs the way they track the latest Patch Tuesday reports. Which means your enterprise is almost certainly rife with BIOS bugs, and you don't even know it. This talk will be a quick run through the BIOS vulnerabilities & PoC malware that have been disclosed in the last couple years, and what concrete steps you can take to start performing BIOS vulnerability checking, and integrity checking, to protect yourself or your company.

Xeno Kovah

Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.

Corey Kallenberg

Xeno Kovah & Corey Kallenberg started LegbaCore in 2015 to wield Papa Legba's dark magics for the betterment of all mankind. LegbaCore specializes in vulnerability discovery, deep system security (OS/VMM/SMM/BIOS/PeripheralFirmware), defensive technology that doesn't just fall over in a slight breeze, and poisoning the snake oil supply.

