Overview
Dive into a comprehensive 53-minute Black Hat conference talk exploring the intricate details of Intel Security and Manageability Engine. Gain deep technical insights on applying feedback fuzzing and queue-management techniques to other firmware environments. Learn how to implement these technologies in a generic form, making them applicable to any existing fuzzer. Explore topics such as hardware PCH, ROM key generation, secure key storage, kernel TCB, micro kernel architecture, ring-free processes, nonlinear buffer overflow protection, memory corruption prevention, security lifecycle, fuzzing techniques, FL instrumentation, and manufacturing manageability. Presented by Shai Hasarfaty and Yanai Moyal, this talk offers valuable knowledge for security professionals and firmware developers seeking to enhance their understanding of advanced security mechanisms.
Syllabus
Introduction
Jen
Hardware
PCH
ROM
Key Generation
Secure Key Storage
Kernel
TCB
BringUp
Driver
Application
Auditing Mitigation
Micro Kernel Architecture
Micro Kernel Example
Ring Free Processes
ReadOnly Page
Secondary Protection
Nonlinear Buffer Overflow
Control Flow Integrity
Memory Corruption
End Branch
EnbridgeUp
Compare
Segmentation
Hardening
Security Lifecycle
GOpC
Error Flow
Changing the Address
Inflating the Code
Fuzzing
FL Instrumentation
FL Bit Sizes
Pipe Memory
Test Cycle
Test API
Manufacturing
Manageability
Summary
Taught by
Black Hat