Thursday, September 3, 2015

EFI/UEFI and OSX link dump

Firmware/EFI and Kernel/OS level issues link dump:

long running bug (fixed?)
http://newosxbook.com/articles/PST2.html

twitter account for osx/efi security person: https://twitter.com/osxreverser

OSX kernel mem leak: https://github.com/ud2/advisories/tree/master/osx/cve-2015-3780
malicious ntfs image dos: https://github.com/ud2/advisories/tree/master/osx/cve-2015-5763

read osx physical memory, including bios, kernel, and possibly smm: https://github.com/gdbinit/readphysmem
exploit using this info: https://github.com/gdbinit/diagnostic_service2

info about tpwn: http://blog.qwertyoruiop.com/?p=69
tpwn: https://github.com/kpwn/tpwn

OSX rootkit detection and prevention:

Rootpipe: https://twitter.com/diodesign/status/630553369078149120
http://www.opensource.apple.com/source/gdb/gdb-1705/src/gdb/macosx/macosx-nat-dyld.c
https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/Patrick%20Wardle/
updated preso from defcon: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/Patrick%20Wardle%20-%20UPDATED/

thunderstrike 2: https://trmm.net/Thunderstrike2_details
http://legbacore.com/Research_files/ts2-blackhat.pdf

something about pwning iOS devices, firmware, something something:
https://github.com/planetbeing/xpwn
lightweight version: https://github.com/sektioneins/xpwntool-lite

tons of good resources on this site: https://reverse.put.as/2015/08/07/writing-bad-lamware-for-os-x/
their github: https://github.com/Gdbinit/
https://reverse.put.as/archives/


EFI:
EDK II visual studio stuff https://github.com/ionescu007/VisualUefi
thread about said tool: https://twitter.com/aionescu/status/632594173414129664


https://github.com/LongSoft/UEFITool
UEFITool is a cross-platform C++/Qt program for parsing, extracting and modifying UEFI firmware images.
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes.

hypervisor stuff:
https://twitter.com/adulau/status/631366664265842688 - small enough to bypass and interfere with patchguard https://github.com/tandasat/Sushi

trustzone fuzzer: https://github.com/laginimaineb/fuzz_zone

bootloader walkthrough: http://www.cs.dartmouth.edu/~bx/blog/2015/09/03/a-toure-of-bootloading.html

