[SASAG] Training for Industry needs and standards.
blibbet at gmail.com
Wed May 27 14:10:45 PDT 2015
Missing 2 URLs added below, sorry.
> * Learn how to manage network use of your enterprises' firmware. For
> UEFI, that includes Bluetooth, WiFi, PXE, WS-Man, SOAP, IPMI, and now
> with UEFI 2.5, the new "UEFI HTTP boot".
> * Learn how to check what versions of firmware (system image version,
> all IHV option ROM versions), and how to get and install the latest
> * Learn how to make a copy of your ROM, and do forensic diagnosis on
> it, looking for bootkits.
> * Learn to create a UEFI shell boot disk.
> * Learn to use the UEFI port of CPython. (So, learn Python, it is a
> * Learn to use UEFI Shell, and it's ~80 commands.
> * Learn to use LUV-live (Linux UEFI Validation) live-boot distro, on
> Intel hardware, and use it's BITS, FWTS, and CHIPSEC.
> * If you have a Windows-based enterprise, learn to use MITRE Copernicus.
> * Learn to use Coreboot's FlashROM.
> * Learn to use a Dediprog, and a Bus Pirate.
> * Learn to identify firmware usage in hardware before you purchase it.
> * Learn to use CHIPSEC -- and on Windows systems, MITRE Copernicus -- to
> get security information on hardware BEFORE purchase. And learn how to
> return insecure newly-purchased hardware, once it is determined that the
> hardware was delivered vulnerable, by looking at CHIPSEC and/or
> Copernicus -- logs.
> See slides 105 and 106 of my LinuxFestNorthWest.org talk:
> See the recent LegbaCore talk at RSA on use of Copernicus. Note that
> unlike CHIPSEC, Copernicus scales at enterprise level. Note how much
> better the LegbaCore talk is in this regard than mine 2 slides. :-(
> * Learn all the boot key sequences available to your systems, and what
> is configurable via boot BIOS menu/app.
> * Learn the known-public security exploits available on BIOS and UEFI
> systems, and how to detect if your hardware is vulnerable, using CHIPSEC
> -- and on Windows systems, MITRE Copernicus.
More information about the Members