sargx digital garden

Bootkits

1 min read

Intel SMM

Persistent BIOS Infection

http://phrack.org/issues/66/7.html#article

EfiGuard is a portable x64 UEFI bootkit that patches the Windows boot manager, boot loader and kernel at boot time in order to disable PatchGuard and Driver Signature Enforcement (DSE).

https://github.com/Mattiwatti/EfiGuard

http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

https://insights.sei.cmu.edu/blog/uefi-terra-firma-for-attackers/

https://secret.club/2022/08/29/bootkitting-windows-sandbox.html

https://www.welivesecurity.com/wp-content/uploads/2013/04/gapz-bootkit-whitepaper.pdf

https://vxug.fakedoma.in/papers/h2hc/Matrosov%20&%20Rodionov%20-%20UEFI%20Firmware%20Rootkits%20Myths%20and%20Reality.pdf

Series of blog posts on Intel BIOS vulnerabilities by

@uffeux

(

@NCCGroupInfosec

)

TOCTOU:

https://research.nccgroup.com/2023/03/15/a-race-to-report-a-toctou-analysis-of-a-bug-collision-in-intel-smm/…

SSM vulnerabilities:

https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/…

HID Drivers:

https://research.nccgroup.com/2023/08/08/intel-bios-advisory-memory-corruption-in-hid-drivers/…

🌱 Back to Garden

1 item under this folder.