Skip to content

Latest commit

 

History

History
313 lines (267 loc) · 30.6 KB

README.md

File metadata and controls

313 lines (267 loc) · 30.6 KB

Awesome UEFI Security Awesome

This repository contains a collection of UEFI/BIOS security materials. Collected my own, not comprehensive. Feel free to PR.

CTF-Challenges

Documentations 📖

Development 💻

Some interesting projects

Bootkits 💣

ATT&CK Attack Vector

Time Name
Oct. 2022 BlackLotus
Jul. 2022 CosmicStrand
Jan. 2022 MoonBounce
Oct. 2021 Especter
Sep. 2021 FinSpy
Dec. 2020 Trickbot
Oct. 2020 MosaicRegressor
2018 LoJax

Bootkits related repositories:

Tools 🔨

Vulnerabilities & Exploits 🔎

Talks 🔈

Year Conference Title
2024 Defcon AMD Sinkclose: Universal Ring -2 Privilege Escalation
2024 Blackhat USA ARSENAL Damn Vulnerable UEFI (DVUEFI): An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities
2023 Blackhat Europe LogoFAIL: Security implications of image parsing during system boot
2023 Blackhat Asia The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust
2021 AVAR The Evolution of Threat Actors: Firmware is the Next Frontier
2022 Blackhat USA Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
2022 Blackhat Asia The Firmware Supply-Chain Security Is Broken: Can We Fix It?
2021 Blackhat USA Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
2021 Blackhat USA Breaking Secure Bootloaders
2020 Blackhat Europe efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
2019 Blackhat USA Firmware Cartography: Charting the Course for Modern Server Compromise
2019 Blackhat Asia MODERN SECURE BOOT ATTACKS: Presenter’s Name Presenter's Position BYPASSING HARDWARE ROOT OF TRUST FROM SOFTWARE
2019 Blackhat Asia Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper
2019 Blackhat USA Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
2018 Blackhat USA Remotely Attacking System Firmware
2018 Blackhat Europe Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
2018 Blackhat Asia I Don't Want to Sleep Subverting Intel TXT with S3 Sleep
2017 Blackhat USA INTEL AMT. STEALTH BREAKTHROUGH
2017 Blackhat USA Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
2017 Blackhat USA Betraying the BIOS: Where the Guardians of the BIOS are Failing
2017 Blackhat USA Taking DMA Attacks to the Next Level
2017 Blackhat Asia The UEFI Firmware Rootkits: Myths and Reality
2017 Blackhat USA Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
2014 Blackhat Europe Analyzing UEFI BIOSes from Attacker & Defender Viewpoints
2014 Blackhat USA Extreme Privilege Escalation on Windows 8/UEFI Systems
2014 Blackhat USA Protecting Data In-Use from Firmware and Physical Attacks
2014 Blackhat USA Exposing Bootkits with BIOS Emulation
2013 Blackhat USA A Tale of One Software Bypass of Windows 8 Secure Boot
2013 Blackhat USA BIOS Chronamancy: Fixing the Core Root of Trust for Measurement
2013 Blackhat USA Funderbolt Adventures in Thunderbolt DMA Attacks
2011 Blackhat Battery Firmware Hacking
2009 Blackhat USA Attacking Intel® BIOS
2009 Blackhat USA Reversing and Exploiting an Apple Firmware Update
2009 Blackhat DC Attacking Intel® Trusted Execution Technology
2009 Blackhat Introducing Ring -3 Rootkits
2008 Blackhat Preventing and Detecting Xen Hypervisor Subversions
2018 CanSecWest TPM Genie Attacking the Hardware Root of Trust For Less Than $50
2015 CanSecWest A New Class of Vulnerabilities in SMI Handlers
2015 CanSecWest Attacks on UEFI Security
2014 CanSecWest ALL YOUR BOOT ARE BELONG TO US
2009 CanSecWest Getting into the SMRAM: SMM Reloaded
2022 DEFCON The COW Container On Windows Who Escaped the Silo
2022 DEFCON One Bootloader to Load Them All
2021 DEFCON High Stakes Updates: BIOS RCE OMG WTF BBQ
2019 DEFCON UEFI Exploitation for the Masses
2019 DEFCON Ring 0 Ring 2 Rootkits Bypassing Defenses
2019 DEFCON EDR is Coming Hide Yo Sh!t
2017 DEFCON Safeguarding rootkits: IntelBootGuard
2018 DEFCON Disabling Intel ME in Firmware
2014 DEFCON Extreme Privilege Escalation On Windows 8/UEFI Systems
2013 DEFCON Hacking Measured Boot and UEFI
2020 DEFCON OuterHaven UEFI Memory Space
2008 DEFCON Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer(pratical low level attacks against x86 authentication software)
2007 DEFCON Hacking the Extensible Firmware Interface
2022 H2HC Data-only Attacks Against UEFI BIOS
2022 Offensive Con UEFI Firmware Vulnerabilities: Past, Present and Future
2017 REcon BARing the System New vulnerabilities in Coreboot & UEFI based systems

Blogs 📰

Papers 📃

Year Jour/Conf Paper
2024 arXiv UEFI Vulnerability Signature Generation using Static and Symbolic Analysis
2023 S&P RSFUZZER: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing
2023 arXiv SoK: Security Below the OS – A Security Analysis of UEFI
2023 China CIC A Survey on the Evolution of Bootkits Attack and Defense Techniques
2022 S&P Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis
2022 IH&MMSec Hidden in Plain Sight - Persistent Alternative Mass Storage Data Streams as a Means for Data Hiding With the Help of UEFI NVRAM and Implications for IT Forensics
2020 DAC UEFI Firmware Fuzzing with Simics Virtual Platform
2015 SYSTOR Thunderstrike:EFI firmware bootkits for Apple MacBooks
2015 WOOT Symbolic execution for BIOS security
2014 Virus Bulletin Bootkits: Past, Present & Future
2011 Attacking Intel TXT® via SINIT code execution hijacking
2014 Speed Racer: Exploiting an Intel Flash Protection Race Condition

Training & Courses 🔰