Security Research

What not to do when guarding your security gates

Better BIOS password encryption

Securing master EFI passwords better

There are many great EFI engineers working hard at creating the best and the greatest who don’t have the time to pause and understand proper crypto for the critical parts of the solutions they are working on. I thought I’d go over some basic do’s and don’ts. Dogbert did this before,... [Read More]

Dell 1D3B

Broken by Design

Back in 2011, the Dell recovery password generator for the 1D3B BIOS was discovered to have a flaw. It did not use public-private key cryptography. It did not use strong encryption. It did not use encryption at all. It simply repeated the same old hashing it did back in the 2000s. [Read More]

EFI investigation recipe

How to get to the inside of your EFI BIOS

No, I am not Phineas Fisher, but I do think that good security education benefits everyone. Security through obscurity is only good against the laziest attacker, making it now, in the age of dedicated, well-funded and even state-sponsored adversaries, an increasingly dangerous attitude. [Read More]