Advanced Threat Research

Latest research: BARing the system – New vulnerabilities in coreboot & UEFI-based systems

What We Do

The Advanced Threat Research (ATR) team researches hardware and software vulnerabilities, gains a deep understanding of how those vulnerabilities are exploited, and suggests policies and practices to protect against those exploits. ATR also discovers new vulnerabilities and coordinates their public disclosure with the affected technology vendors.

A description of our disclosure process is available for reference.

What's New

Threat Landscape Dashboard | 2017-02-13

Security administrators responsible for safeguarding systems, networks, and digital systems face the overwhelming task of keeping up with the most significant threats. To serve those admins, we designed a new dashboard to identify the most significant threats and illustrate the relationships between them.

RECon Brussels: BARing the System — New Vulnerabilities in Coreboot & UEFI based Systems | 2017-01-29

The ATR team previously discovered and presented vulnerabilities in UEFI-based firmware. This research describes a new class of vulnerabilities affecting SMI handlers on systems with Coreboot and UEFI-based firmware. These issues are caused by incorrect trust assumptions between the firmware and the underlying hardware, which makes them applicable to any type of system firmware. These slides describe the issue as well as various mitigation techniques.

Areas of Focus

Security of Platform Hardware and Firmware

Our research helps platform and BIOS manufacturers improve security of system firmware implementations.

Security of Virtualization Technologies

Virtualization security has become important in the data center and on the endpoint. Our team provides technical descriptions of threats and mitigations as well as tools for assessing systems.

Security of Crypto Software

The ATR team analyzes crypto software, including SSL/TLS and general purpose crypto libraries.

Threat Intelligence

We investigate emerging threats and work with global law enforcement to stop cyber criminals.

CHIPSEC

CHIPSEC is a framework for hardware and firmware security assessment, enabling security research, testing, and forensics.