Assaf Carlsbad & Itai Liba at Hardwear Netherlands 2021

Assaf Carlsbad & Itai Liba



SentinelOne

Automated vulnerability hunting in SMM using Brick







Abstract:

Ever since its introduction, System Management Mode (SMM) has been considered by many to be one of the most powerful execution modes of Intel CPUs.

Unfortunately, practice has shown that more often than not, SMM code provided by most OEMs is poorly written and suffers from a myriad of security issues that can be exploited by attackers to elevate their privileges.

So far, hunting for SMM vulnerabilities has been a tedious and mostly manual process, suitable only for domain experts. This talk aims to change all of that by presenting Brick, an easy-to-use, automated vulnerability scanner that searches for common vulnerabilities and anti-patterns in SMM code. Along the way, we'll also review some actual CVEs that were discovered by this tool.


Speaker Bio:

Assaf Carlsbad is a security researcher and a member of the Innovation team @ SentinelOne.

Assaf has more than a decade of experience in software engineering and security. His current research interests include below-the-OS security, fuzzing, symbolic execution and anything in-between. Outside of infosec, Assaf enjoys studying Philosophy, running outdoors and training in martial arts.

Itai Liba is a Sr. Security Researcher and a member of the Innovation team @ SentinelOne.

Itai has over 20 years of software experience, most of them in roles related to security, reverse engineering and vulnerability research. His interests include Computers, Electronics, Mechanics and much more.