Awesome UEFI Security

This repository contains a collection of UEFI/BIOS security materials. It is collected on my own and is not comprehensive. Feel free to open a PR.

CTF-Challenges

Documentations 📖

Development 💻

Some interesting projects

Bootkits 💣

ATT&CK Attack Vector

| Time | Name |
| --- | --- |
| Nov. 2024 | Bootkitty |
| Oct. 2022 | BlackLotus |
| Jul. 2022 | CosmicStrand |
| Jan. 2022 | MoonBounce |
| Oct. 2021 | Especter |
| Sep. 2021 | FinSpy |
| Dec. 2020 | Trickbot |
| Oct. 2020 | MosaicRegressor |
| 2018 | LoJax |

Bootkit-related repositories:

Tools 🔨

Vulnerabilities & Exploits 🔎

Talks 🔈

| Year | Conference | Title |
| --- | --- | --- |
| 2024 | Defcon | AMD Sinkclose: Universal Ring -2 Privilege Escalation |
| 2024 | Blackhat USA | You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM? |
| 2024 | Blackhat USA ARSENAL | Damn Vulnerable UEFI (DVUEFI): An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities |
| 2023 | Blackhat Europe | LogoFAIL: Security implications of image parsing during system boot |
| 2023 | Blackhat Asia | The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust |
| 2021 | AVAR | The Evolution of Threat Actors: Firmware is the Next Frontier |
| 2022 | Blackhat USA | Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases |
| 2022 | Blackhat Asia | The Firmware Supply-Chain Security Is Broken: Can We Fix It? |
| 2021 | Blackhat USA | Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded) |
| 2021 | Blackhat USA | Breaking Secure Bootloaders |
| 2020 | Blackhat Europe | efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis |
| 2019 | Blackhat USA | Firmware Cartography: Charting the Course for Modern Server Compromise |
| 2019 | Blackhat Asia | Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software |
| 2019 | Blackhat Asia | Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper |
| 2019 | Blackhat USA | Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller |
| 2018 | Blackhat USA | Remotely Attacking System Firmware |
| 2018 | Blackhat Europe | Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild |
| 2018 | Blackhat Asia | I Don't Want to Sleep Subverting Intel TXT with S3 Sleep |
| 2017 | Blackhat USA | INTEL AMT. STEALTH BREAKTHROUGH |
| 2017 | Blackhat USA | Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities |
| 2017 | Blackhat USA | Betraying the BIOS: Where the Guardians of the BIOS are Failing |
| 2017 | Blackhat USA | Taking DMA Attacks to the Next Level |
| 2017 | Blackhat Asia | The UEFI Firmware Rootkits: Myths and Reality |
| 2017 | Blackhat USA | Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks |
| 2014 | Blackhat Europe | Analyzing UEFI BIOSes from Attacker & Defender Viewpoints |
| 2014 | Blackhat USA | Extreme Privilege Escalation on Windows 8/UEFI Systems |
| 2014 | Blackhat USA | Protecting Data In-Use from Firmware and Physical Attacks |
| 2014 | Blackhat USA | Exposing Bootkits with BIOS Emulation |
| 2013 | Blackhat USA | A Tale of One Software Bypass of Windows 8 Secure Boot |
| 2013 | Blackhat USA | BIOS Chronamancy: Fixing the Core Root of Trust for Measurement |
| 2013 | Blackhat USA | Funderbolt Adventures in Thunderbolt DMA Attacks |
| 2011 | Blackhat | Battery Firmware Hacking |
| 2009 | Blackhat USA | Attacking Intel® BIOS |
| 2009 | Blackhat USA | Reversing and Exploiting an Apple Firmware Update |
| 2009 | Blackhat DC | Attacking Intel® Trusted Execution Technology |
| 2009 | Blackhat | Introducing Ring -3 Rootkits |
| 2008 | Blackhat | Preventing and Detecting Xen Hypervisor Subversions |
| 2018 | CanSecWest | TPM Genie Attacking the Hardware Root of Trust For Less Than $50 |
| 2015 | CanSecWest | A New Class of Vulnerabilities in SMI Handlers |
| 2015 | CanSecWest | Attacks on UEFI Security |
| 2014 | CanSecWest | ALL YOUR BOOT ARE BELONG TO US |
| 2009 | CanSecWest | Getting into the SMRAM: SMM Reloaded |
| 2022 | DEFCON | The COW Container On Windows Who Escaped the Silo |
| 2022 | DEFCON | One Bootloader to Load Them All |
| 2021 | DEFCON | High Stakes Updates: BIOS RCE OMG WTF BBQ |
| 2019 | DEFCON | UEFI Exploitation for the Masses |
| 2019 | DEFCON | Ring 0 Ring 2 Rootkits Bypassing Defenses |
| 2019 | DEFCON | EDR is Coming Hide Yo Sh!t |
| 2017 | DEFCON | Safeguarding rootkits: IntelBootGuard |
| 2018 | DEFCON | Disabling Intel ME in Firmware |
| 2014 | DEFCON | Extreme Privilege Escalation On Windows 8/UEFI Systems |
| 2013 | DEFCON | Hacking Measured Boot and UEFI |
| 2020 | DEFCON | OuterHaven UEFI Memory Space |
| 2008 | DEFCON | Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 authentication software) |
| 2007 | DEFCON | Hacking the Extensible Firmware Interface |
| 2022 | H2HC | Data-only Attacks Against UEFI BIOS |
| 2022 | Offensive Con | UEFI Firmware Vulnerabilities: Past, Present and Future |
| 2017 | REcon | BARing the System New vulnerabilities in Coreboot & UEFI based systems |

Blogs 📰

Papers 📃

| Year | Jour/Conf | Paper |
| --- | --- | --- |
| 2024 | ASE | STASE: Static Analysis Guided Symbolic Execution for UEFI Vulnerability Signature Generation |
| 2023 | S&P | RSFUZZER: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing |
| 2023 | arXiv | SoK: Security Below the OS – A Security Analysis of UEFI |
| 2023 | China CIC | A Survey on the Evolution of Bootkits Attack and Defense Techniques |
| 2022 | S&P | Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis |
| 2022 | IH&MMSec | Hidden in Plain Sight - Persistent Alternative Mass Storage Data Streams as a Means for Data Hiding With the Help of UEFI NVRAM and Implications for IT Forensics |
| 2020 | DAC | UEFI Firmware Fuzzing with Simics Virtual Platform |
| 2015 | SYSTOR | Thunderstrike: EFI firmware bootkits for Apple MacBooks |
| 2015 | WOOT | Symbolic execution for BIOS security |
| 2014 | Virus Bulletin | Bootkits: Past, Present & Future |
| 2011 | | Attacking Intel TXT® via SINIT code execution hijacking |
| 2014 | | Speed Racer: Exploiting an Intel Flash Protection Race Condition |

Training & Courses 🔰