user avatar
Alex Matrosov
BINARLY🔬
@matrosov
Security REsearch @Anthropicai · Breaking & Fixing AI Failure Modes | Founder @binarly_io · @SBOM_Tools · @REhints | Author “Rootkits & Bootkits" (bootkits.io)
San Francisco, CA
sbom.tools
Joined July 2008
2,365
Following
19.8K
Followers
Posts
  • Pinned
    user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    May 5, 2023
    ⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates.
    user avatar
    BINARLY🔬
    @binarly_io
    May 5, 2023
    ⛓️Digging deeper into the aftermath of the @msiUSA data breach and its impact on the industry. 🔥Leaked Intel BootGuard keys from MSI are affecting many different device vendors, including @intel , @Lenovo, @Supermicro_SMCI, and many others industry-wide. 🔬#FwHunt is on!
    1.1M
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Mar 21, 2023
    Rust-based firmware is inherently secure by design. What could possibly go wrong?
    423K
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Dec 13, 2018
    Happy to announce all the chapters of bootkits.io now available in Early Access (~600 p). 4 years of writing/rewriting. The book almost a double the size from the original proposal (rootkits/bootkits, UEFI threats and modern forensics) Thx @billpollock and @nostarch!!
    bootkits.io
    Rootkits and Bootkits - Official Book Website
    Reversing Modern Malware and Next Generation Threats
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Aug 18, 2019
    I wrote a blog post "Breaking Through Another Side: Bypassing Firmware Security Boundaries". It's a first part of the series based on our #BHUSA research with Alexandre Gazet. HW/FW Security != Summary of all Security Boundaries
    Breaking Through Another Side: Bypassing Firmware Security Boundaries
    From matrosov.medium.com
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Mar 4, 2018
    My @offensive_con slides released! Include all 010 templates for Intel ACM and Boot Guard (KM + IBBM). All these details been REconstructed from AMI FW. Discovered few Intel Boot Guard bypasses: 2 SW + 1 HW. Never underestimate RE in your Threat Model!! github.com/REhints/Public…
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Apr 20, 2019
    Slides "Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software" from #BHASIA and #OPCDE2019 released! Lenovo keeps manufacturing mode Boot Guard "backdoor" to unlock DXE volume for arbitrary modifications. It fully breaks Secure Boot! github.com/REhints/Public…
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Oct 8, 2018
    Lojax rootkit inspired me to write a blogpost about possible dual-use of common BIOS update tools with signed drivers (tested on Win10 1809) medium.com/@matrosov/dang…
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Aug 10, 2022
    💥In just one hour, we will drop 12 high-impact CVEs targeting UEFI firmware and disabling all fancy security features on x86 devices. This is an important study that identifies industry repeatable failures and the ways to fix them. #BHUSA #FwHunt is on!🔬
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    May 4, 2023
    ⛓️Recently, @msiUSA announced a significant data breach. The data has now been made public, revealing a vast number of private keys that could affect numerous devices. 🔥FW Image Signing Keys: 57 products 🔥Intel BootGuard BPM/KM Keys: 166 products 🔬github.com/binarly-io/Sup…
    166K
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    May 9, 2023
    ⛓️Diving deeper into MSI leak, it has been discovered that one of the leaked keys (bxt_dbg_priv_key.pem) is associated with Intel Orange or OEM Unlocked. 🔥Based on Intel documentation, it appears to be more powerful in comparison to Boot Guard keys. intel.com/content/www/us…
    93K
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Sep 27, 2024
    💥PoC is now public! target = "https://{ip_address}/cgi/login.cgi" command = "touch /tmp/BRLY" libc = 0x76283000 # we try to guess gadget1 = 0x000D8874 # pop {r0, r1, r2, r3, fp, pc}; gadget2 = 0x001026D4 # mov r0, sp; blx r3; system = 0x0003C4D4
    user avatar
    BINARLY🔬
    @binarly_io
    Sep 26, 2024
    🚨New! "CVE-2024-36435 Deep-Dive: The Year’s Most Critical BMC Security Flaw." 🔥Classic buffer overflow vulnerabilities resurface in BMCs, remotely opening the gates from the castle. 🏆Kudos to @AlexTereshkin for the initial discovery and disclosure! binarly.io/blog/cve-2024-…
    GIF
    ToolsAndPoCs/Posix/Supermicro/CVE-2024-36435.py at master · binarly-io/ToolsAndPoCs
    From github.com
    60K
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Mar 29, 2019
    My #offensivecon19 slides "Attacking Hardware Root of Trust from UEFI Firmware" released. More details about bypass Boot Guard implementation on Lenovo Thinkpad's coming after #BHASIA and #OPCDE2019. Enjoy evil SMI handlers over WMI and stay tuned! github.com/REhints/Public…
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    May 10, 2023
    🔥New finding! We have confirmed that previously leaked Intel BootGuard private keys from Lenovo/LCFC in September 2022 are still relevant for numerous devices in the field (Lenovo, Supermicro, Intel ...). ⛓️github.com/binarly-io/Sup… 🔬FwHunt: github.com/binarly-io/FwH…
    36K
  • user avatar
    Alex Matrosov
    BINARLY🔬
    @matrosov
    Jun 30, 2020
    #efiXplorer v1.0 [REcon Editon] released! We try to make UEFI RE easier, current version of IDA plugin supports: - EFI Protocols and Boot/Runtime Services identification - EFI GUID's recogniton Stay tuned more features coming! github.com/binarly-io/efi… @yeggorv @p41ll @isciurus
    Release efiXplorer v1.0 [REcon Edition] · REhints/efiXplorer
    From github.com