
Abstract

Thursday 25 September 15:00 - 15:30, Green room.

Xeno Kovah, The MITRE Corporation
Corey Kallenberg, The MITRE Corporation
John Butterworth, The MITRE Corporation
Sam Cornwell, The MITRE Corporation

What do you know about BIOS vulnerabilities & attackers? Do you know that current data suggests that more than half of enterprise BIOSes in the wild have known vulnerabilities going unpatched? Do you know which vendors have patches that fix issues, and which vendors don't? Do you know how many exploits have come out in the past year that allow attackers to bypass all security features and take control of a BIOS and thus defeat all security software? Do you know that state-sponsored attackers attack at the BIOS level but have never been caught by the AV industry?

This talk will shed some light on the largely out-of-sight, out-of-mind problem of security at the lowest level of the platform. But it will suggest actions that can be taken immediately to improve BIOS-level malware detection by leveraging free tools for Windows and *nix platforms. These tools and techniques have significantly matured over the past year, and are now appropriate for incorporation into COTS security products. This talk will also show how malware analysts with existing Windows executable static analysis knowledge can be taught a little bit of BIOS-specific information in order to become BIOS malware analysts too.