We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

ThunderStrike 2: Sith Strike

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
2
 Cite
 Share
 Download Purchase
No logo availableDEF CON
 Hudson, Trammel Kovah, Xeno Kallenberg, Corey

Formal Metadata

Title
ThunderStrike 2: Sith Strike
Subtitle
A MacBook firmware worm
Title of Series
Number of Parts
109
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of. Speaker Bios: Trammel Hudson enjoys taking things apart and understanding how they work. He presented the Thunderstrike firmware vulnerability at 31C3, created the Magic Lantern firmware for Canon cameras, and teaches classes at the Brooklyn hackerspace NYC Resistor. Twitter: @qrs Web: https://trmm.net/ Xeno Kovah's speciality area is stealth malware and its ability to hide from security software and force security software to lie. To combat such attacks he researches trusted computing systems that can provide much stronger security guarantees than normal COTS. He co-founded LegbaCore in 2014 to help improve security at the foundation of computing systems. He is also the founder and lead contributor to OpenSecurityTraining.info. He has posted 9 full days of class material material on x86 assembly, architecture, binary formats, and Windows rootkits to OpenSecurityTraining.info. Twitter: @XenoKovah Twitter: @legbacore Corey Kallenberg is a co-founder of LegbaCore, a consultancy focused on evaluating and improving host security at the lowest levels. His specialty areas are trusted computing, vulnerability research and low level development. In particular, Corey has spent several years using his vulnerability research expertise to evaluate limitations in current trusted computing implementations. In addition, he has used his development experience to create and improve upon trusted computing applications. Among these are a timing based attestation agent designed to improve firmware integrity reporting, and an open source Trusted Platform Module driver for Windows. Corey is also an experienced trainer, having created and delivered several technical courses. He is an internationally recognized speaker who has presented at BlackHat USA, DEF CON, CanSecWest, Hack in the Box, NoSuchCon, SyScan, EkoParty and Ruxcon. Twitter: @CoreyKal Twitter: @legbacore
00:00
FirmwareComputer wormSigma-algebraGoodness of fitTrailMathematicsAreaComputer programMereology
00:49
FirmwareComputer wormSigma-algebraÜberlastkontrolleComputer hardwareRight angleInformation securityGoodness of fitSoftwareMultiplication signPhysicalismTask (computing)
02:06
Easter egg <Programm>Run time (program lifecycle phase)FirmwareReverse engineeringComputer programProjective planeQuicksortInformation securityRootkitTraffic reportingSoftwareComputer animation
02:59
Independence (probability theory)FirmwareInformation securityInformation securityFirmwareQuicksortPlastikkarteHard disk drivePeripheralCore dumpPolar coordinate systemComputer fileRootkit
04:20
Shared memorySystem programmingCASE <Informatik>Independence (probability theory)Physical systemVulnerability (computing)SharewareWindowComputer hardwareMessage passingHydraulic jumpComputer animation
04:58
BootingMotherboardFlash memoryCyclic redundancy checkAddress spaceProcess capability indexComputer configurationComputer hardwareRemote procedure callComputer wormKernel (computing)CodeSemiconductor memoryINTEGRALDirection (geometry)Proof theoryComputer configurationExploit (computer security)Data transmissionPCI ExpressFirmwareVolume (thermodynamics)Vector graphicsMotherboardInformationBootingFlash memoryBus (computing)Extension (kinesiology)CASE <Informatik>RoutingVirtual machine
06:28
Structural loadKernel (computing)BootingNormal (geometry)Computer configurationPhysical systemFirmwareBootingType theoryFlash memoryIntegrated development environmentScripting languageLaptopData transmissionHookingKernel (computing)Structural loadShared memory
07:19
BefehlsprozessorFlash memoryPoint (geometry)Vulnerability (computing)Power (physics)BefehlsprozessorFlash memoryBitPhysical systemSoftwareState of matterBootingMotherboardRevision controlHard disk driveProcess (computing)VirtualizationPeripheralComputerScripting languageCodeGoodness of fit
08:19
Physical systemFlash memoryFlash memoryAdaptive behaviorCycle (graph theory)BootingMereologyVideo gameFirmwareProof theorySoftwareVirtual machineInformation securityMotherboardComputer configurationPerimeterHookingComputer wormScripting languageLaptopUniqueness quantification
09:12
System programmingIntelInternet forumWindowCodeFirmwareElectric currentIndependence (probability theory)ImplementationQuicksortRewritingRevision controlVulnerability (computing)Right anglePhysical systemDampingType theoryPoint (geometry)Software development kitInternet forumPolar coordinate systemCodeComputer architectureOpen sourceExtension (kinesiology)Term (mathematics)Group actionNatural numberMultiplication signOrder (biology)Projective planeSound effectPowerPCInterface (computing)Single-precision floating-point formatLine (geometry)Expected valueFirmwareoutputSoftware developerMaxima and minimaHierarchy
12:10
FirmwarePhysical systemInterface (computing)Order (biology)1 (number)Functional (mathematics)Mathematical analysisSimilarity (geometry)Virtual machineLevel (video gaming)Point (geometry)HookingExtension (kinesiology)Control flow graphRight angleComputer animation
13:17
ImplementationComputer hardwareCodeComputer configurationVulnerability (computing)CASE <Informatik>IntelPolar coordinate systemDecision theoryVulnerability (computing)Different (Kate Ryan album)Point (geometry)Computer configurationQuicksortCodeMechanism designRight angle
14:26
EmulationIntelInclusion mapBridging (networking)Core dumpVulnerability (computing)Computer hardwareBitCondition numberIntelSystem administratorQuicksortInterrupt <Informatik>WritingMechanism designCodeGame controllerFirmwareRight angleAsynchronous Transfer Mode
15:35
IntelCore dumpObservational studyCondition numberRight angleType theoryFunctional (mathematics)Computer hardwareThread (computing)Core dumpInsertion lossHypercubeMechanism designSingle-precision floating-point formatMulti-core processorVulnerability (computing)Set (mathematics)Dependent and independent variablesQuicksort
16:47
Control flowSystem administratorBitGame controllerQuicksortDependent and independent variablesAsynchronous Transfer ModeComputing platformSet (mathematics)SpacetimeWritingKernel (computing)
17:26
MIDICASE <Informatik>HistologyRange (statistics)Flash memoryChainFlash memoryPhysical systemAsynchronous Transfer ModeRange (statistics)FirmwareText editorBitProgram slicingCodeMechanism designProxy serverSystem administrator
18:26
Computer hardwareFundamental theorem of algebraBefehlsprozessor1 (number)Vulnerability (computing)Coordinate systemCondition numberLink (knot theory)Information securityDependent and independent variables
19:43
Disk read-and-write headMathematicsGame controllerWordResultantBit
20:21
CASE <Informatik>Range (statistics)MIDIVariable (mathematics)SharewareBootingPhysical systemAdditionFlash memoryMechanism designVideoconferencingPoint (geometry)Software testingRight angleBitQuicksortSingle-precision floating-point formatNon-volatile memory
21:43
Flash memoryCASE <Informatik>Range (statistics)Observational studyVulnerability (computing)Right angleRange (statistics)CodeMechanism designAnalogyQuicksortComa BerenicesComputer animation
22:32
Dependent and independent variablesCodeInformation securityBitMereologyMotherboardPhysical systemSystem callDependent and independent variablesVulnerability (computing)Computer hardwarePower (physics)Information securityRight angleAsynchronous Transfer Mode
23:38
BootingNormal (geometry)Computing platformIntelScripting languageScripting languagePhase transitionCore dumpConfiguration spaceComputer hardwareInformationBootingPhysical systemCodeBitLevel (video gaming)Normal (geometry)Vulnerability (computing)Operator (mathematics)Type theoryComputer animation
24:34
Normal (geometry)BootingComputing platformIntelScripting languageBootingSemiconductor memoryHydraulic jumpVulnerability (computing)Combinational logicOpcodeCore dumpQuicksortScripting languageNon-volatile memoryCodeOperator (mathematics)Type theoryComputer hardwareComputer animation
25:40
Range (statistics)Flash memoryRippingComputer musicACIDInclusion mapScripting languageRange (statistics)ResultantCodeRight angleSinc function1 (number)WhiteboardDependent and independent variablesInformation securityCASE <Informatik>
26:42
SoftwareFirmwareScripting languageComputer hardwareSemiconductor memoryPhysical systemFirmwareCASE <Informatik>WritingScripting languageBeam compass
27:26
BootingCASE <Informatik>Default (computer science)Range (statistics)Scripting languageAddress spacePower (physics)Video projectorCycle (graph theory)Right angleBootingCodeRootkitRevision controlSoftwareFirmwarePhysical systemOpcodeDifferent (Kate Ryan album)Point (geometry)Semiconductor memoryInsertion loss
29:01
PRINCE2Multiplication signLetterpress printingRoutingVulnerability (computing)PRINCE2QuicksortBlog
29:56
FirmwareInformation securityPRINCE2Proof theoryCodeMaxima and minimaVulnerability (computing)Right angle
30:38
FirmwareInformation securityImplementationInclusion mapSystem programmingPRINCE2Right angleVirtual machinePhysical systemBitFirmwareCore dumpVulnerability (computing)BlogPoint (geometry)PRINCE2
31:57
Vulnerability (computing)Information securityPatch (Unix)Right angleModel theoryPhysical system
32:34
Information securityFlash memorySharewarePhysical systemBootingChaos (cosmogony)Asynchronous Transfer ModeGame controllerCodeBitDifferenz <Mathematik>Vulnerability (computing)BootingPhysical systemScripting languageTerm (mathematics)Range (statistics)Virtual machineSystem administratorFlash memorySocial classSharewareConfiguration spaceComputer animation
33:59
Computer configurationComputer configurationPlastikkarteSocket-SchnittstelleIBM PCHard disk driveThermal expansionMotherboardVideo cardPhysical systemGame controllerBus (computing)Interpreter (computing)Computer animation
34:39
Computer configurationInterface (computing)Information securityBootingPlastikkarteMultiplication signProcess capability indexComputer configurationMalwareBuildingRootkitCode
35:16
Computer configurationPhysical systemOpen setIntelSharewareGroup actionSoftwareBootingSigma-algebraMiniDiscData recoveryElement (mathematics)BootingSound effectSharewareInformation securityQuicksortComputer configurationCurveOffice suiteElectronic signatureMereologyHash functionFlash memoryMotherboardStructural loadPlastikkarteThermal expansionPeripheral
36:25
RootkitPasswordKernel (computing)Computer configurationShared memoryDigital rights managementElectric currentModel theoryPhysical systemBackdoor (computing)SoftwareKey (cryptography)FirmwareDensity of statesVirtual machinePCI ExpressComputer configurationPhysical systemMalwareMultiplication signPlastikkarteDevice driverReading (process)Kernel (computing)Data acquisitionComputer animation
37:12
Density of statesComputer configurationGastropod shellCodeWritingProcess capability indexGraphics processing unitInstallation artComputer configurationArmRootkitIntegrated development environmentBootingGame controllerGastropod shellCodeGraphics processing unitPlastikkarteDevice driverRemote procedure call
38:08
System programmingShared memoryComputing platformInclusion mapVulnerability (computing)Static random-access memoryPoint (geometry)Physical systemVulnerability (computing)Right anglePRINCE2Polar coordinate systemPatch (Unix)BitConfiguration spaceSet (mathematics)Maxima and minimaBootingOcean currentProof theoryQuicksortVariable (mathematics)Equivalence relationModel theory
40:37
Computing platformInformation securityComputer configurationSystem programmingSoftware testingInternet service providerScripting languageIntelBootingBefehlsprozessorOrder (biology)Physical systemAsynchronous Transfer ModeCodeVirtual machinePoint (geometry)Semiconductor memoryBefehlsprozessorSingle-precision floating-point formatVulnerability (computing)PasswordInformation securityBitComputer configurationDigitizingRight angleElectronic signatureRoutingFirmwareSystem administratorScripting languageBootingSoftware bugWindowRootkitInstallation art
42:54
FirmwareComputer configurationInformationComputer configurationMultiplication signInformation securityFirmwareScripting languageSemiconductor memoryRight angleComputer forensicsINTEGRALVirtual machineSocial classOpen setOrder (biology)QuicksortRootkitError messageFirst-order logicWave packetCore dumpCASE <Informatik>Plug-in (computing)FreewareHard disk drivePlastikkarte
Transcript: English(auto-generated)