Defending, Detecting, and Responding to Hardware and Firmware Attacks - Teddy Reed - USENIX Enigma Conference - 2016
USENIX Enigma Conference via YouTube
Overview
This course aims to teach learners how to defend, detect, and respond to hardware and firmware attacks. The course covers recognizing vulnerable systems, detecting compromise, and responding effectively. The individual skills taught include baselining kernel drivers, boot loaders, ACPI table content, and other platform code, as well as logging OS API-generated hardware events. The teaching method involves exploring different approaches to hardware and firmware security and providing immediate tools and actions for "deep systems defense." The intended audience for this course includes enterprise defenders and individuals interested in enhancing their knowledge of hardware and firmware security.
Syllabus
Introduction
Firmware Security
Attack Surface
Foundation Code
Firmware Updates
Kernel Extensions
Threat Predictions
File Integrity Monitoring
PCI Device Monitoring
USB Devices
EFI
osquery
Event Stream
Firmware
Firmware Parsing
Remote attestation
Taught by
USENIX Enigma Conference