OST doesn't cater to all topics (yet), because it's volunteer driven. Its primary volunteers thus far have come from a deep system security background. Its assembly, OS/BIOS internals, exploits, and malware curriculum tracks are the most developed, and far deeper than anything you'll (ever) find at SANS, since OST is not commercial and therefore doesn't have to pander to popularity and buzzwords and try to deal with the never-ending churn of trying to put butts in seats.
Introduction to Intel x86: Architecture, Assembly, Applications, and Alliteration
Introduction to Intel x86-64: Architecture, Assembly, Applications, and Alliteration
Intermediate Intel x86: Architecture, Assembly, Applications, and Alliteration
With a bonus that you can also learn about ARM assembly in the same class format, and compare and contrast them (what with x86 and ARM being the 2 major architectures which dominate the world's computing devices currently.)
Introduction to ARM
I was at VirusBulletin when this was being discussed.
A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.
The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.
I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.
But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.
For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them to make it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.
It only takes one major manufacturer to publicly announce that "we're publishing our code so that it can be verified, unlike our competitors" for it to spread to the competitors.
OEM1 releases full source
OEM2 fires all BIOS developers and leeches off OEM1
OEM1 has the privilege of maintaining a BIOS development workforce for the benefit of their competitors
Though maybe that would work as a feint to eventually put competitors at a disadvantage
Also, believe it or not, OEMs and places like AMI, Phoenix, etc do actually try to add features down at the firmware level that their competitors don't have, to differentiate themselves and hopefully get a few more sales. E.g. recall the splashtop OSes that were being pimped as the instant-boot solution to get your browsing quickly a while back. Or I feel like I've seen the ability to check your Outlook from BIOS on HPs
The important write protects are whether the BIOS configures itself as locked or not after it's booted far enough to determine there are no BIOS updates pending. You can check if your BIOS is open or closed to attackers by running Copernicus or Chipsec.
"For a male and female to live continuously together is... biologically speaking, an extremely unnatural condition." -- Robert Briffault