The Stakes Are Raised When Protecting the Foundation of Computing – Scott Scheferman – PSW #705



Sponsored By


sponsor
Visit https://securityweekly.com/eclypsium for more information!

With Eclypsium researchers’ discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late.

Segment Resources:
https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

The Stakes Are Raised When Protecting the Foundation of Computing

Guests

Scott Scheferman

Scott Scheferman – Principal Cyber Strategist at Eclypsium

@transhackerism

Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Bill Brenner

Bill Brenner – VP, Content Strategy at CyberRisk Alliance

@BillBrenner70

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. VP of Content Strategy at CyberRisk Alliance.

Larry Pesce

Larry Pesce – Principal Managing Consultant and Director of Research & Development at InGuardians

@haxorthematrix

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.

Lee Neely

Lee Neely – Senior Cyber Analyst at Lawrence Livermore National Laboratory

@lelandneely

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 25 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989.

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Tyler Robinson

Tyler Robinson – Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

@tyler_robinson

As the Managing Director of Offensive Security & Research at Trimarc, Tyler leads a team of high-performance security professionals within the offensive security field by simulating sophisticated adversaries and creating scalable offensive security platforms using the latest techniques as seen in the wild. With over 2 decades of experience, Tyler specializes in Red Teaming, APT threat modeling, blackbox network penetration testing, and Physical/Social-Engineering. Tyler has presented at multiple conferences including BSides, DefCon and Blackhat panels, SANS security events and to multiple branches of the military.

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!