
Using the Observer Effect and Cyber Feng Shui - Jacob Torrey

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses, Cybersecurity Courses, Reverse Engineering Courses, System Architecture Courses, Remote Attestation Courses

Course Description

Overview

Explore the intricacies of cybersecurity and system architecture in this 50-minute conference talk from the Hack In The Box Security Conference. Delve into the observer effect in computer systems and learn how attackers can exploit architectural "tells" to detect monitoring and analysis tools. Discover techniques for remote attestation and system integrity verification. Examine the use of Physically Unclonable Functions (PUFs) for device-specific keying and system authentication. Gain insights into creating "trusted" implant networks that can evade analysis and protect sensitive data. Follow along as the speaker demonstrates practical applications of these concepts, including BIOS manipulation, hypervisor development, and CPU isolation techniques. Explore challenges in VM detection, manufacturing variants, and various PUF implementations across different hardware components. Conclude with a discussion on the implications of these techniques for cybersecurity and future research directions.

Syllabus

Intro
Questions
Who am I
Red Team
Three Tools
Trusted Computing
Static Measurement
TPMs
Remote attestation
Virtual machine introspection
Paranoidfish
CPU Isolation
Shared Resources
Cash Teller
Rootkit
Gadgets
Secure Node
Secure Node Demo
Challenges
VM Detection
Manufacturing Variants
Challenge
PUFs
Secret Sharing
Error Correction Codes
SRAM Example
Other Techniques
FPGAs
Flash
EEPROM
Row Hammer
GitHub
Root Trust Key
Zelda Theme Execution
TLB Background
Hypervisor
Reverse Engineering
Chain of Trust
Observer Effect
Conclusion
Future Work
Time Overhead


Taught by

Hack In The Box Security Conference
