Most system administrators defend systems from threats at the operating system level and above. But there are threats below the operating system at the level of firmware and silicon. Bootkits and other firmware level compromises can be invisible to OS-level security tools. Modern systems have many types of firmware: UEFI, ACPI, SMM, BIOS, PCIe, USB and more. Each of these grows in complexity, and potentially vulnerable attack surface with every release. NIST SP 800-147 covers Secure BIOS Lifecycle, with a focus on how enterprises should secure firmware from acquisition to disposition and five other states between. The NIST guidance does not cover specific tools. This presentation takes the NIST guidance and applies it to existing open source tools, so enterprise system administrators can start to defend the 'negative rings' of their systems. This presentation will cover tools like: CHIPSEC, FirmWare Test Suite, FlashROM, UEFI  Firmware Parser and others to help you detect 'evil maid attacks' and other forms of firmware-based malware. The guidance is fairly abstract to any architecture and firmware type, but we'll be focusing on Intel 64-bit systems running UEFI-based system firmware.