Summary

In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenges. We delve into the transition from traditional methods to AI-driven approaches, emphasizing the importance of prompt specificity for effective vulnerability discovery. The conversation also covers the role of open-source components, the need for guardrails in AI use, and the implications of AI-generated reports in cybersecurity. Additionally, they touch on man-in-the-middle techniques and the future of AI in firmware development, highlighting the creative monetization of vulnerabilities in IoT devices.

Takeaways

* AI is revolutionizing firmware analysis and vulnerability discovery. * Specificity in prompts is crucial for effective AI usage. * Open-source components can enhance analysis results significantly. * Guardrails are necessary to prevent AI from executing harmful commands. * AI can assist in code refactoring and documentation generation. * NTP spoofing can reveal vulnerabilities in time-sensitive applications. * AI-generated reports may lead to false positives in vulnerability assessments. * Man-in-the-middle techniques are essential for testing device security. * The future of AI in firmware development is promising but complex. * Understanding the context of vulnerabilities is key to accurate reporting.

Chapters

00:00 Introduction to Firmware Analysis and AI Tools 01:54 Transitioning from Traditional Tools to AI 04:28 Specific Techniques for Vulnerability Discovery 06:29 Dynamic Analysis vs. Static Analysis 08:30 Using AI for Code Generation and Documentation 11:43 Interacting with Firmware and Devices 15:57 Creating Custom Tools and Skills for AI 18:53 Recent Projects and Use Cases in Firmware Analysis 22:48 Challenges and Risks of Using AI in Security Research 28:36 The Future of AI in Firmware Development 29:43 AI in Code Review and Vulnerability Detection 33:35 Limitations of AI in Understanding Logic 37:54 Challenges with AI-Generated Vulnerability Reports 43:13 Man-in-the-Middle Techniques and Tools 53:24 Exploring IoT Device Vulnerabilities

Summary

In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of supply chain breaches, the evolving role of AI in cybersecurity, and updates to the OWASP Top 10 list. They emphasize the importance of firmware security and the need for better visibility and standards in the industry. The conversation highlights the challenges faced by defenders in a rapidly changing threat landscape and the necessity for proactive measures to secure systems.

Takeaways

Fortinet vulnerabilities are critical and require immediate attention. Silent patches can lead to significant security risks. AI is being used by both attackers and defenders in cybersecurity. The OWASP Top 10 has been updated to include software supply chain failures. Firmware security is often overlooked but is essential for device safety. Supply chain breaches can have far-reaching implications for organizations. Visibility into firmware and device security is lacking in the industry. Standards for software security are necessary to protect against vulnerabilities. Defenders need better tools to combat evolving threats. The cybersecurity landscape is becoming increasingly complex and interconnected.

Chapters

00:00 Introduction and Technical Setup 03:08 Fortinet Vulnerabilities and Exploits 06:05 Public Exploits and Path Traversal Vulnerabilities 09:00 Chaining Vulnerabilities and Risk Assessment 11:50 Authentication and Vulnerability Scoring 15:04 Operational Complexity in Patch Management 17:55 Silent Patches and Their Implications 20:58 Challenges with Network Device Security 24:55 Cyber Insurance and Vulnerability Trends 27:58 The Impact of Silent Patches 30:46 End of Life Devices and Legacy Systems 34:58 Supply Chain Security and Source Code Theft 39:44 AI in Cybersecurity: Opportunities and Threats 47:17 Navigating AI's Guardrails and Malicious Use Cases 49:24 The Dilemma of AI and Harmful Intentions 52:44 The Need for Researcher Access to AI Tools 58:36 OWASP Top 10 Updates and Supply Chain Security 01:05:12 The Challenges of Firmware and Device Security

Summary

In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspberry Pi in cyber attacks, the implications of the F5 breach, and the emergence of Polar Edge malware targeting QNAP devices. They also discuss the innovative Two-Face Rust binary technique, the critical nature of authentication bypass vulnerabilities, and the evolving landscape of air-gapped systems. The conversation highlights the increasing risk posed by old vulnerabilities and the need for improved security measures in the face of advancing cyber threats.

Articles:

• https://reporter.deepspecter.com/f5-is-misleading-the-market-the-breach-is-nowhere-near-contained-a766d932c582

• https://blog.sekoia.io/polaredge-backdoor-qnap-cve-2023-20118-analysis/

• https://www.group-ib.com/blog/unc2891-bank-heist/

• https://www.synacktiv.com/en/publications/creating-a-two-face-rust-binary-on-linux

• https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities

• https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html

In this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importance of vulnerability disclosure. They delve into the complexities of securing network edge devices, the challenges posed by Linux security, and the need for standardization in security practices. The conversation also touches on the future of firmware security and the necessity for proactive measures in incident response. We also close out the show taking about the recent Framework UEFI shell vulnerability.

Chapters

00:00 Introduction to F5 Breach and UEFI Secure Boot Bypass

02:16 Details of the F5 Breach

04:59 Threat Actor Analysis and Implications

07:18 Vulnerability Disclosure and Exploitation Risks

10:17 Security Measures and Key Management

12:57 Proactive Defense Strategies

15:52 The Evolving Threat Landscape

18:41 Challenges in Securing Network Devices

21:10 Linux Security and Customization Issues

25:16 Kernel Customization Challenges

27:08 Security Through Obscurity

29:04 Application Security and Development Practices

33:59 Framework's UEFI Shell Vulnerability

38:22 Interdependency in Technology Ecosystems

41:48 The Need for Transparency in Signed Software

In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devices, the implications of the Cisco SNMP vulnerability, and the recent vulnerabilities associated with Cisco ASA devices. They also delve into the hybrid Petya ransomware and its connection to supply chain security, emphasizing the need for better visibility and security measures in network devices.

Chapters:

00:00 Introduction and Overview of Cybersecurity Trends

02:09 Red November Campaign: Targeting Network Edge Devices

11:06 The Shift in Attack Vectors: From Windows to Network Edge

14:59 Cisco SNMP Vulnerability: A Legacy Issue

21:21 The Implications of Targeting Network Edge Devices

28:20 Addressing Legacy Issues in Cybersecurity

29:41 Emerging Threats in Cybersecurity

32:19 The Age of Vulnerabilities

33:40 The Importance of Asset Inventory

35:38 Challenges in Device Security

37:22 Visibility and Detection Limitations

39:28 Vendor Responses to Vulnerabilities

41:24 Supply Chain Security Crisis

46:59 Understanding Hybrid Petya

52:11 The Evolution of Attack Techniques

In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya, the implications of UEFI vulnerabilities, and the security risks associated with Windows 10's end of life. They also explore the vulnerabilities of Cisco ASA devices, the rise of supply chain attacks exemplified by NPM worms, and the persistent threat of Row Hammer attacks on DDR5 technology. The conversation highlights the significance of visibility in cybersecurity and the necessity for enhanced security practices to counter evolving threats.

Chapters

00:00 Introduction and Podcast Overview

02:55 Hybrid Petya: The New Threat Landscape

06:03 Understanding UEFI and Secure Boot Vulnerabilities

09:00 The Evolution of Ransomware Techniques

11:54 Windows 10 End of Life Concerns

14:56 The Future of Secure Boot and User Responsibility

22:50 The Shift in Consumer Trust Towards Microsoft

25:11 The Rise of Alternatives: Linux and SteamOS

28:41 Security Concerns with Windows 10 and 11

31:57 Exploiting End-of-Life Devices

36:39 The Challenge of Legacy Infrastructure

39:41 VPN Security: Risks and Solutions

45:40 The Dilemma of Compliance and Visibility

50:16 Supply Chain Vulnerabilities and NPM Attacks

55:54 The Rowhammer Attack and Hardware Security

01:03:40 The Need for Visibility and Signatures in Security

In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit marketplaces and vulnerability research. They discuss the challenges researchers face in monetizing their findings, the ethical implications of selling exploits, and the importance of timely intelligence for defenders. The conversation also touches on the role of AI in vulnerability research, the dynamics between buyers and sellers in the marketplace, and the impact of end-of-life devices on cybersecurity. Overall, the episode provides valuable insights into the complexities of the exploit marketplace and the need for a more proactive approach to cybersecurity.

Chapters

00:00 Introduction to Desired Effect and Evan Dornbush

02:35 The Evolution of Exploit Marketplaces

05:06 Monetizing Vulnerability Research

07:46 The Role of Disclosure in Exploit Sales

10:28 Understanding the Value of Exploits

13:14 Ethics and Motivations in Vulnerability Research

15:51 Validation of Vulnerabilities and Exploits

18:29 Buyer Vetting and Market Dynamics

21:31 Proactive Defense Strategies

24:32 Market Insights and Future Trends

27:43 The Marketplace for Exploits

31:08 The Role of Researchers and Vendors

34:51 The Asymmetry in Cybersecurity

38:03 Economic Incentives in Cybersecurity

40:25 The Complexity of Risk Management

43:57 The Future of Exploit Disclosure

47:23 The Role of AI in Cybersecurity

53:31 Closing Thoughts on Exploit Ethics

In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of new regulations on device security. They explore the evolution of Mirai variants targeting IoT devices and the challenges of securing firmware. The conversation highlights the need for improved security measures and the complexities of managing vulnerabilities in a rapidly changing technological landscape.

00:00 Introduction and Technical Challenges

02:37 Exploring UEFI Settings and Hardware Vulnerabilities

10:14 The Risks of UEFI Control and Physical Damage

16:33 Static Tundra: Cyber Espionage and Exploits

22:23 Targeting Vulnerable Infrastructure in Cyber Attacks

26:27 Emerging Threats in IoT and Network Devices

31:55 The Evolution of Malware: A Deep Dive

34:30 The Challenge of Securing IoT Devices

35:13 Impact of EU Cyber Resilience Act

38:14 Vulnerability Management and Vendor Responsibilities

41:54 Living Outside the Operating System: New Attack Vectors

In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chain and firmware security. They explore the challenges of maintaining security in a complicated supply chain, the importance of proactive and reactive security measures, and the implications of end-of-life software. The conversation also touches on the gaming industry's push for secure boot, recent vulnerabilities discovered in firmware, and the role of BMCs in security. Brian shares insights into AMI's approach to vulnerability management and the future of firmware security, including the significance of Software Bill of Materials (SBOMs).

Whitepaper: https://eclypsium.com/wp-content/uploads/OpenBMC-Security-in-Practice.pdf

Chapters

00:00 Introduction and Technical Setup 01:46 The Challenges of Podcasting and Marketing 03:42 Understanding AMI and Its Role in Firmware Security 06:13 Supply Chain Complexity and Security Measures 08:49 Proactive vs Reactive Security in Firmware 11:17 The Importance of Stable Firmware in Security 13:54 Navigating Vulnerabilities in UEFI and OpenSSL 16:24 The Impact of Cherry-Picking Security Updates 19:11 Tracking Vulnerabilities Across the Supply Chain 21:50 Solutions for Data Center Firmware Management 24:21 Future Directions in Vulnerability Management 24:38 Navigating Vulnerability Management 28:30 End of Life and Support Challenges 31:55 Gaming Security and Anti-Cheat Mechanisms 35:38 The Complexity of Secure Boot Implementation 36:50 Recent Vulnerabilities and Security Research 39:44 Understanding BMC Security 43:34 Open Source and BMC Development 46:30 The Role of SBOMs in Security Compliance

In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and the importance of secure boot and certificate management. They also delve into SonicWall's security challenges and the ongoing debate of building versus buying security solutions, particularly in the context of AI infrastructure and cloud services.

Articles and topics for this week:

1. https://blog.trailofbits.com/2025/08/04/uncovering-memory-corruption-in-nvidia-triton-as-a-new-hire/

2. https://mjg59.dreamwidth.org/72892.html - Secure Boot and certificates

3. https://www.tomshardware.com/pc-components/gpus/nvidia-defiant-over-backdoors-and-kill-switches-in-gpus-as-u-s-mulls-tracking-requirements-calls-them-permanent-flaws-that-are-a-gift-to-hackers -

4. https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-disable-sslvpn-amid-rising-attacks/ -

5. https://www.darkreading.com/endpoint-security/shade-bios-technique-beats-security -

   1. Researcher's previous paper on SMM and malware: https://arxiv.org/abs/2405.04355

   2. He presented at Blackhat last year on Option ROMS: https://www.blackhat.com/us-24/briefings/schedule/index.html#youve-already-been-hacked-what-if-there-is-a-backdoor-in-your-uefi-orom-39579 - YouTube video: https://www.youtube.com/watch?v=_S6EymfaBqQ