Talk Title:

How efiXplorer helping to solve challenges in reverse engineering of UEFI firmware

Abstract:

Existing UEFI analysis instruments lack a systemic approach to firmware vulnerability research focused on specifics of x86-based systems. No publicly known tools available for UEFI firmware vulnerabilities research focused on static analysis. Most of the common reversing tools focused on simplifying some reconstruction routines but not rebuilding the full picture based on the firmware image. This webinar will be focusing on the discussion around existing UEFI RE plugins for Ghidra and IDA with an explanation of why we decide to start the work on efiXplorer (https://github.com/binarly-io/efiXplorer), what was missing on existing plugins.

Speaker Bio:

Alex Matrosov is well recognized offensive security researcher. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Alex served as Senior Principal Security Researcher at Nvidia, Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, Zeronigths, Black Hat, DEFCON, and others. Additionally, he is awarded by Hex-Rays for open-source plugin HexRaysCodeXplorer which is developed and supported since 2013 by REhint's team.