On Saturday, February 10, we will warm you with a portion of excellent reports, and you will find familiar Hardware Village and Lockpick Village stands in the hall. Come and join us, this promises to be an interesting day, and what can be better than to spend a day off in the same-minded community with the benefit for the head and hands? :)
February 10, 14:00, Ulitsa Aviamotornaya, 8А,
All photos from DEFCON Moscow 14 are available at Flickr.
Intel Management Engine (ME) technology has been around for over 10 years (since 2005), but it seems impossible to find any official information about ME on the Internet. Fortunately, some studies have been published in recent years; however, all of them deal with ME 10 and earlier, while modern computers implement ME 11 (introduced in 2015 for Skylake microarchitecture). In our presentation, we explain in detail how ME 11.x stores its state on the flash and the other types of file systems that are supported by ME 11.x.
Description: Management Engine is one of the most closed Intel technologies, and it has access to almost all user data. Study of Intel ME is a difficult task for a number of reasons, thus for more than 10 years, a large number of myths have been surrounding it. However, we managed to significantly change the current situation - thanks to the vulnerability we have found, we were able to activate the Intel ME hardware core low-level debugging mechanism. We will talk about this and much more in our presentation.
This report focuses on methods and means of incident response, which are being used by information security specialists during field visits. We will examine the most interesting cases of attacks on financial institutions in 2017, and will talk about ways to quickly analyze data in large corporate networks, malicious code investigation, and gathering of evidence for further analysis. In this report we will present several utilities, which should help information security specialists during the incident response, and will make their lives a little bit more fun and joyful.
Is it hard to write my own driver for a device with a proprietary driver? Is it possible to transfer a chip to another platform? We will answer these questions with the example of iPhone 6s/7 NVMe flash memory. We will explore two drivers: driver of the early boot and the main one. Search for a donor for a new driver and subclassing in C++. Cross-platform development or how development of drivers in Linux and macOS is different. JTAG connection and hardware debugging of drivers. Development of your own breakout for a proprietary chip without documentation. You will see a variety of aspects of reverse engineering at the junction of hardware and software reversing.
Specially for the enthusiasts of the hardware world HWV stand will be set up. Anyone will be able to listen to reports, and play with the hackers' hardware.
- Review of the latest news from the hardware security world
- PCI Express, Thunderbolt and how all of them all lived happily ever after
- Review of the latest attacks and news from the world of WiFi and Bluetooth
Fans of the lock-breaking art will find a stand where they will be able to consolidate their practices and learn a lot of new things :)
Thanks a lot for support 14th meeting of DEFCON Moscow:
Bogomolov Egor, Kostin Denis, Rusanen Ilya, Woolf Anatoliy, Putin Vladimir and Valentin :)