Had a blast attending and presenting at @labscon_io for the second year in a row! If you are curious about BYOVD in UEFI, and how we at @binarly_io uncovered an incomplete patch for a Supermicro BMC bug, check out our talk slides below👇
Very excited for this CodeBlue talk, as the deeper insights into this bootkit will be explained with 40-min slides.
Especially for Android bootkit but Windows rootkit also seems interesting as it uses many techniques that existing UEFI bootkits don't use (WOOT paper Table 1).
🚨Binarly REsearchers revisit an already-patched Supermicro BMC bug and discover two new high-impact vulnerabilities that expose major gaps in software supply chains.
CVE-2025-7937: bypassed “fix” for CVE-2024-10237.
CVE-2025-6198: Supermicro RoT bypass.
binarly.io/blog/broken-tr…
Finally, we will unveil the details behind CVE-2025-6198, a BMC-related security issue that allows attackers to directly “bring your own vulnerable firmware image”.
labscon.io/speakers/fabio…
Just dropped a detailed blog post on our “BitUnlocker” research.
If you’re into logical vulnerabilities and BitLocker bypasses, this one’s for you!
techcommunity.microsoft.com/blog/microsoft…
Our Bootkitty team will be announcing "A Stealthy Bootkit-Rootkit Against Modern Operating Systems" soon at USENIX WOOT25.
Stay tuned for upcoming presentation.
Credit:
@B1ack3at, @jihoonab151, HyunA Seo, @Iranu96, @wh1te4ever, Jinho Jung, Hyungjoon Koo.
usenix.org/conference/woo…