(Intermediate) OuterHaven - The UEFI Memory Space Just Itching to be Misused

  • aNullValue
    Moderator
    • Jun 2019
    • 584

    #1

    Title: (Intermediate) OuterHaven - The UEFI Memory Space Just Itching to be Misused

    Description:
    This presentation will cover research which explores the methods in which all levels of attackers can work with exploiting the UEFI memory space as well as methods for monitoring & enumerating this data haven and the associated access difficulties. I will also demonstrate some scripting and Python code that leverages Windows hosted elements to both exploit, enumerate and monitor this safe space for everyone to play with.

    The exploitation of UEFI memory has previously only been thought of as something that is used for rootkits or advanced/targeted offensive operations. However, offensive actors and researchers have shown that they are willing to exploit this area with increasing ease. This presentation goes one step further and highlights the extremely basic level of computer knowledge needed to exploit this in current Windows OS, one-click and copy-paste scripts being able to generate the same results. However, the presentation also highlights solutions to monitor/access/analyze issues for this reclusive data set which allows active threats to be scrutinized and detection & preventative methods developed for both local and remote security solutions.

    Speaker(s): Connor Morley

    Location: Blue Team Vlg / Blue Team Vlg - Talks Track 1

    Discord: https://discord.com/channels/7082082...54317658734613

    Event starts: 2020-08-07 11:00 (11:00 AM) PDT (UTC -07:00)

    Event ends: 2020-08-07 12:00 (12:00 PM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-02T22:51 (UTC).
    Starts
    August 7, 2020 11:00
    Ends
    August 7, 2020 12:00
    Location
    Blue Team Vlg / Blue Team Vlg - Talks Track 1
    Last edited by aNullValue; August 2, 2020, 17:41.