31 May 2023 |
Daniel aka CyReVolt | gotta add
const YoloDxeList = [
"AEB1671D-019C-4B3B-BA-00-35-A2-E6-28-04-36",
];
to #fiedka:matrix.org. | 16:21:40 |
Daniel aka CyReVolt | https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/ the original source | 16:23:28 |
1 Jun 2023 |
| Jonathon Hall changed their display name from Jonathon Hall (away) to Jonathon Hall. | 13:08:44 |
stacktrust | https://twitter.com/nikolajschlej/status/1663988077956833286 | 13:58:03 |
Daniel aka CyReVolt | Yea... I'll add that to the known GUIDs in #fiano... and flag it in #fiedka:matrix.org. | 16:07:46 |
Daniel aka CyReVolt | Just looked at some random firmware image from 2 years ago and saw that GUID. | 16:08:15 |
| KarolZet joined the room. | 16:17:07 |
5 Jun 2023 |
| Simon Chou (SMCI) changed their display name from simon chou to Simon Chou (SMCI). | 08:12:30 |
| Simon Chou (SMCI) changed their profile picture. | 08:12:31 |
6 Jun 2023 |
| jn joined the room. | 08:11:37 |
8 Jun 2023 |
mark999 | https://infosec.exchange/@briankrebs/110508909573780256
full replacement | 19:05:17 |
mark999 | ----
unrelated: apparently the MOVEit vuln is being exploited at a very high rate, so if you use it you should stop immediately | 19:08:28 |
10 Jun 2023 |
Daniel aka CyReVolt | Happening today:
https://dramsec.ethz.ch/ | 10:03:36 |
11 Jun 2023 |
akoshy | wow https://cfp.recon.cx/2023/talk/HCJHBW/ | 16:49:18 |
12 Jun 2023 |
flammit | Cross posting this in case anyone here can help: https://osfw.slack.com/archives/CCX4HQYEN/p1686607625910889 | 23:55:08 |
17 Jun 2023 |
Daniel aka CyReVolt | https://twitter.com/matrosov/status/1669079030656831489 | 09:16:17 |
Daniel aka CyReVolt | I'd like to see some other vendors under the 🔬 as well. | 09:16:52 |
22 Jun 2023 |
| Kevin joined the room. | 11:46:09 |
25 Jun 2023 |
hudson | Hopefully not the same as the ones I demoed at ccc a few years ago. They were unfixed when I looked at the x12 boards | 19:55:02 |
3 Jul 2023 |
| Daniel aka CyReVolt changed their profile picture. | 06:05:27 |
11 Jul 2023 |
Daniel aka CyReVolt | https://www.researchgate.net/publication/353943452_All_your_System_Memory_are_belong_to_us_From_Low-Level_Memory_Acquisition_to_High-Level_Forensic_Event_Reconstruction
forensics are an interesting field... | 14:11:55 |
hudson | https://mjg59.dreamwidth.org/66907.html | 14:29:00 |
hudson | regarding the "how do we know the CPU hasn't been swapped for one without bootguard?", I finally, after how many years, encountered a system that initialized the TPM from inside the Intel ACM, allowing the special locality 3 value for PCR0 (0x0000....0003 ). I only realized it when the older tpm2-tools eventlog parser was complaining that the PCRs were not consistent | 14:30:52 |
miczyg | So TPM startup from locality 3? | 14:59:35 |
miczyg | Yeah, quite rare to see | 14:59:43 |
| CoolStar joined the room. | 17:39:12 |
| CoolStar changed their profile picture. | 17:39:15 |
12 Jul 2023 |
mzygowski | I have also never seen anyone setting the TPM startup from locality3 in the manifest. Quite a rare find, indeed. | 07:44:13 |
| Patrick Colp joined the room. | 22:28:55 |
| Patrick Colp changed their profile picture. | 22:28:58 |