Join us on Thursday, November 26th, 2015 as ISSA-Ottawa hosts
"An Introduction to UEFI and Why We Should Care"
This talk will provide an introduction to the firmware interface, UEFI (Unified Extensible Framework Interface), designed to replace the standard BIOS on computers, and the supported security controls framework. We will then discuss how these UEFI security controls may be bypassed or where firmware implementations have failed, with the goal of compromising the integrity of the boot process and the running Operating System for malware installation and persistence. We will also review information disclosed from "The Hacking Team" breach on their UEFI technology development
Mr. Sues, CEO of Rigel Kent Security, Cryptid Labs and co-CEO of Invariant Security is an experienced Penetration Tester, Vulnerability Researcher and Security Trainer with an extensive background in both operational penetration testing and the identification of new vulnerabilities in applications and operating systems. Mr. Sues develops tools and exploits, specializing in the development buffer overflow technology for use in assessing client systems. In doing so, he has reverse engineered many commercial and custom UNIX and Windows-based applications, protocols and Operating Systems to locate and analyze vulnerabilities or understand the software's operation. As well, he has evaluated many vendor products, commercial and proprietary encryption algorithms, operating systems, network services, SANs, routers, and firewalls such as Checkpoint and CISCO PIX/ASA firewalls and has performed local host vulnerability assessments of firewalls, routers/switches, Windows Servers and Solaris/UNIX/Linux systems. Mr. Sues is also co-founder of the COUNTERMEASURE series of security conferences and training events held in Ottawa, Canada with the most recent, COUNTERMEASURE 2015, held November 16-20, 2015.