Hi [[ session.user.profile.firstName ]]

Anatomy of a Firmware Attack

Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.
Recorded Mar 3 2020 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Ron Talwalkar and John Loucaides
Presentation preview: Anatomy of a Firmware Attack

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Protecting Device Integrity in the Supply Chain Recorded: May 13 2020 61 mins
    Dr. Ed Amoroso - TAG Cyber, Dickie George - Johns Hopkins, Andrew Regenscheid - NIST, Yuriy Bulygin - Eclypsium
    While vulnerabilities in software often steal headlines, hardware vulnerabilities pose a major cyber security risk. Hardware is comprised of numerous components, which are often sourced globally, and are difficult to track along the supply chain. A single vulnerability in any of the components could cause the device to be compromised by cyber criminals.

    Protecting the integrity of devices and ensuring firmware is hardened to attack can be challenging when using traditional security controls and processes. Join our panel of experts on May 13, 2020 at 1 pm ET to learn:

    - How to improve visibility into your device supply chain
    - Why firmware vulnerabilities need to be prioritized
    - Common weak spots for the introduction of tampering and modifications

    Our panelists will be:

    Dr. Edward Amoroso - CEO of research and advisory firm TAG Cyber and former CISO for AT&T

    Richard M. (Dickie) George - Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab, with a focus on cyber strategy for protection of critical national systems.

    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

    Dr. Yuriy Bulygin - CEO and founder of Eclypsium. Previously he led the Advanced Threat Research team at Intel, and created CHIPSEC, the open-source firmware security framework.
  • Detecting & Defeating Persistent Attacks Recorded: Apr 16 2020 65 mins
    Ron Talwalkar, Vice President Product and Jesse Michael, Principal Researcher
    System firmware and dozens of other components that contain millions of lines of firmware are vulnerable to attacks that have capabilities which persist and survive operating system reinstalls and even hard drive replacements. These attacks can go unnoticed by traditional security and can provide access to high-value targets allowing the highest of privilege. Moreover, cleaning a system’s firmware means re-flashing it, an operation not quickly done nor guaranteed. In this webinar, Eclypsium's VP of Product, Ron Talwalkar and Principal Researcher, Jesse Michael, will discuss persistent attacks, what are the vulnerabilities and techniques that lead to these attacks and how the Eclypsium solution can help defend against these types of threats.
  • Enterprise Best Practices for Firmware Updates Recorded: Apr 7 2020 63 mins
    John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
    Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates.

    This Q&A style webinar explores the following topics:

    - The current state of firmware and firmware updates.
    - How the industry is evolving to meet the need for consistent firmware
    update management.
    - The barriers to establishing firmware update management.
    - Recommended steps that security leaders can use to begin building a
    safe and reliable process for managing firmware updates.
  • Anatomy of a Firmware Attack Recorded: Mar 3 2020 49 mins
    Ron Talwalkar and John Loucaides
    Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.
  • Perilous Peripherals - The Hidden Dangers Inside Windows and Linux Computers Recorded: Feb 21 2020 61 mins
    Jesse Michael, Principal Researcher, Eclypsium and Rick Altherr, Principal Engineer, Eclypsium
    Eclypsium researchers Jesse Michael and Rick Altherr will describe new research showing how unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.
  • How Direct Memory Access Attacks Bypass Hardware Protections Recorded: Feb 5 2020 55 mins
    Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
    New research from Eclypsium shows that high-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Jesse Michael and Mickey Shkatov recently demonstrated that, even in the presence of protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start, and Microsoft Virtualization-Based Security, laptops from Dell & HP were susceptible to pre-boot DMA attacks. In this webinar, they describe their research, and discuss the ramifications for enterprise security.
  • Screwed Drivers - New Vulnerabilities Found in Windows Drivers Recorded: Nov 14 2019 60 mins
    Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
    Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns.

    Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft.

    In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities.

    This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Anatomy of a Firmware Attack
  • Live at: Mar 3 2020 6:00 pm
  • Presented by: Ron Talwalkar and John Loucaides
  • From:
Your email has been sent.
or close