In 2023, ESET published a detailed analysis of BlackLotus, the first publicly documented bootkit that bypasses UEFI Secure Boot on a fully updated Windows 11. A little earlier, Kaspersky described CosmicStrand, which lives in the SPI flash of the motherboard. Two families, two fundamentally different entry points, one goal: persistence below the OS level, invisible to classic EDR.
Here is a practical analysis: where in the boot chain the points of attack are, how BlackLotus and CosmicStrand exploit them, and what you can do with your own hands to detect or block them at the firmware level. All commands and tools were tested on a lab setup with QEMU/OVMF and on physical hardware.
UEFI boot chain: exactly where bootkits live
Before dissecting a specific piece of malware, you need to understand the boot flow. UEFI divides startup into several phases; according to the UEFI Forum specification, the sequence is as follows:
1. SEC (Security Phase) - the processor comes out of the reset vector, switches from real mode to protected mode, and sets up temporary RAM in the CPU cache.
2. PEI (Pre-EFI Initialization) - configuring the memory controller, enabling DRAM, initializing the chipset.
3. DXE (Driver Execution Environment) - the longest phase: loading all DXE drivers, initializing the rest of the hardware, setting up SMM, creating the BootServices and RuntimeServices tables.
4. BDS (Boot Device Selection) - selecting the boot device and running the OS bootloader from the EFI System Partition.
5. TSL (Transient System Load) - transfer of control to the bootloader (bootmgfw.efi → winload.efi).
Each transition between phases is a verification point, and the signature verification of each component is the chain of trust implemented by UEFI Secure Boot. The root of trust sits in the platform initialization firmware; with Intel Boot Guard, it sits in hardware that software cannot touch.
Bootkits attack different links of the chain. Classification by point of implantation (based on Binarly's analysis):

The fundamental difference: ESP bootkits (BlackLotus, ESPecter) live on the FAT32 partition of the disk - in theory, they can be wiped together with it. SPI bootkits (CosmicStrand, MoonBounce) sit in the firmware chip on the motherboard. Reinstalling the OS, wiping the hard drive - they don't care. They're at home.
BlackLotus bootkit: bypassing Secure Boot through CVE-2022-21894
The essence of the attack
BlackLotus is the first publicly confirmed in-the-wild UEFI bootkit capable of bypassing Secure Boot on fully updated Windows 11 systems. According to ESET (Martin Smolár, WeLiveSecurity, March 2023), it has been sold on underground forums since October 2022 for $5000. Five thousand bucks - and Secure Boot is out of the picture.
The key mechanism is the exploitation of CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability). Per NVD:
• CVSS: 4.4 (MEDIUM)
• Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
• CWE: CWE-863 (Incorrect Authorization)
Let's read the vector: local attack (AV:L), requiring high privileges (PR:H), no user interaction (UI:N), but complete control over integrity (I:H). Formally, the CVSS rating is "medium" - and this is where it gets interesting. PR:H means the attacker needs admin/SYSTEM. But if you've already obtained that through phishing, BYOVD or a kernel exploit, this "medium" opens the door to absolute persistence. Personally, I believe CVSS here completely understates the real impact - the context of the attack changes everything.
Microsoft released a patch in January 2022, but here's the problem: the vulnerable signed binaries were not added to the UEFI revocation list (dbx). BlackLotus brings its own copies of the legitimate but vulnerable bootloaders - the classic Downgrade Attack (T1562.010, Defense Evasion in MITRE ATT&CK). There's a patch, but it's of no use.
Installation chain
According to ESET's analysis, the installation of BlackLotus goes through several stages:
Step 0 - Initialization. The installer checks the system locale. If it is ru-RU, uk-UA, be-BY, hy-AM, kk-KZ, ro-MD or ru-MD, the installation is aborted. A typical post-Soviet crimeware marker: "we don't attack our own."
Step 1 - Dropping files. Files are placed on the ESP: a self-signed MOK (Machine Owner Key) and auxiliary files.
Step 2 - Disabling HVCI. Hypervisor-protected Code Integrity is turned off before the reboot to remove the code integrity check at the hypervisor level.
Step 3 - Disabling BitLocker. Volume protection is removed - the bootkit needs access to the boot components without encryption.
Step 4 - Exploiting CVE-2022-21894 and installing persistence. Through the vulnerable bootloader (the Baton Drop technique), the bootkit enrolls its own MOK in NVRAM. On the next boot, Secure Boot treats the bootkit as trusted. Code Signing Policy Modification (T1553.006) in its pure form.
Step 5 - After reboot. The bootkit starts as a boot manager, a kernel-mode driver and an HTTP downloader (running in the context of winlogon.exe). The driver protects the bootkit files on the ESP from deletion - attempts to close their file handles end in a BSOD. Crude, but it works.
What BlackLotus turns off
After installation, BlackLotus disables:
• Windows Defender - the main process is deactivated
• HVCI - hypervisor-level code integrity checking is disabled
• BitLocker - volume protection
• UAC - user account control is bypassed
Essentially, a fully updated Windows 11 turns into an open platform where the attacker loads components in both kernel mode and user mode. All these acronyms - HVCI, BitLocker, UAC - turn out to be a beautiful facade.
CosmicStrand malware: a bootkit in SPI flash
If BlackLotus is a bootkit "on disk", then CosmicStrand is a firmware implant written into the motherboard's SPI flash. The difference between them is fundamental: in the approach to detection, and in the cost of cleanup.
Point of implantation
CosmicStrand modifies a DXE driver in the UEFI firmware. On every boot, the compromised driver gains control in the DXE phase - long before Secure Boot checks the OS bootloader. Why? Because DXE code is part of the firmware and is considered trusted by definition. Secure Boot protects against external threats, and here the enemy is already inside the house.
According to Kaspersky and Binarly, CosmicStrand uses BootServices table hooking: it replaces the pointers with its own handlers. To locate the function OslArchTransferToKernel, it uses a 4-byte in-memory signature, 0x41106A56 - the bootkit scans memory, finds the right place and inserts an inline hook, intercepting the moment control is transferred to the Windows kernel.
This is System Firmware (T1542.001, Persistence / Defense Evasion) - persistence lives directly in the firmware.
Why it's more dangerous than ESP bootkits

To kill CosmicStrand, you need to reflash the UEFI with a clean image from the manufacturer. Reinstalling Windows, formatting disks, replacing SSDs - none of this will help. The malware lives in a chip on the board and doesn't care about your drives.
Attacks on the boot chain: common techniques
Binarly conducted a comparative analysis of several families and identified common patterns of behavior. For anyone building generic detection, it's gold.
Clearing the Write Protect bit in CR0
All modern bootkits (CosmicStrand, ESPecter, BlackLotus, MoonBounce) clear the WP bit in the CR0 register. This removes write protection from read-only memory pages, after which the PE header of the kernel can be patched at leisure: the entry point changed, section permissions rewritten. In legitimate UEFI applications this behavior is rare. If you see WP being cleared in CR0 during boot, it's a red flag.
Shellcode-like PE parsing
Bootkits parse the PE headers of the loaded images (the Windows kernel, the bootloader) by hand - without the firmware's standard APIs. Manual walking of the export table, looking up functions by name hash - behavior familiar to anyone who has analyzed shellcode. Binarly notes that in legitimate UEFI applications such a pattern is practically never found.
Inline hooking of OslArchTransferToKernel
Four of the six bootkits studied by Binarly (MoonBounce, CosmicStrand, ESPecter, BlackLotus) intercept the function OslArchTransferToKernel - the critical control-transfer point from the loader to the kernel. But each uses its own search signature and its own patch instructions. So a single signature won't do - you have to catch them by behavior.
UEFI rootkit analysis: detection
Okay, enough theory. Let's move on to what you came here for - specific commands and tools.
Checking the Secure Boot state
Standard verification through mokutil shows the state the OS considers current, and a bootkit can fake it. Check from several sources:
Bash:
# Check from the OS (may be faked by a bootkit)
mokutil --sb-state
# Check through the UEFI variables directly
efivar -l | grep SecureBoot
efivar -p -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot
# Read dbx (the revocation list) - check whether it is up to date
efivar -p -n d719b2cb-3d3a-4596-a3bc-dad00e67656f-dbx | head -20
If mokutil --sb-state says "SecureBoot enabled" but efivar for SecureBoot returns 00 - congratulations, this is a direct indicator of compromise. The bootkit is lying to the operating system, and the OS happily passes the lie on to you.
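The cross-check above, as an added example that is not part of the original article: it reads the SecureBoot variable in the raw efivarfs format and compares it with the text mokutil prints. Assumptions (mine, not the article's): efivarfs exposes each variable as a file whose first 4 bytes are the attribute flags and whose remaining bytes are the payload, the SecureBoot payload is a single byte (1 = enabled), and mokutil prints "SecureBoot enabled" or "SecureBoot disabled". The sample inputs are constructed, not captured from a real machine.

```python
"""Cross-check the Secure Boot state reported by the OS against the raw UEFI variable."""
from __future__ import annotations
import struct

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification; the efivarfs path is an assumption
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
SECUREBOOT_EFIVARS_PATH = f"/sys/firmware/efi/efivars/SecureBoot-{EFI_GLOBAL_VARIABLE}"


def parse_efivar_file(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs blob into (attribute flags, payload)."""
    if len(raw) < 4:
        raise ValueError("efivarfs blob too short to contain the 4-byte attribute field")
    attrs = struct.unpack("<I", raw[:4])[0]
    return attrs, raw[4:]


def secureboot_from_efivar(raw: bytes) -> bool:
    """Firmware's own view: SecureBoot is a one-byte variable, 1 = enabled."""
    _, payload = parse_efivar_file(raw)
    if len(payload) != 1:
        raise ValueError(f"unexpected SecureBoot payload length {len(payload)}")
    return payload[0] == 1


def secureboot_from_mokutil(text: str) -> bool:
    """OS view: interpret the text printed by `mokutil --sb-state`."""
    line = text.strip().lower()
    if "disabled" in line:
        return False
    if "enabled" in line:
        return True
    raise ValueError(f"unrecognised mokutil output: {text!r}")


def cross_check(mokutil_text: str, efivar_raw: bytes) -> dict:
    """Return both views and whether they agree; a mismatch is the indicator the article describes."""
    os_view = secureboot_from_mokutil(mokutil_text)
    fw_view = secureboot_from_efivar(efivar_raw)
    return {"os_says_enabled": os_view, "firmware_says_enabled": fw_view,
            "consistent": os_view == fw_view}


def check_live() -> dict:
    """Read the real variable (requires efivarfs); the caller supplies the mokutil text."""
    import subprocess
    with open(SECUREBOOT_EFIVARS_PATH, "rb") as f:
        raw = f.read()
    out = subprocess.run(["mokutil", "--sb-state"], capture_output=True, text=True, check=False)
    return cross_check(out.stdout, raw)


# Constructed sample: attributes NV|BS|RT... here 0x6 (BS|RT), payload byte 0x00 = disabled,
# while the OS tool claims Secure Boot is on. This is the mismatch case from the text.
SAMPLE_EFIVAR_DISABLED = struct.pack("<I", 0x6) + b"\x00"
SAMPLE_EFIVAR_ENABLED = struct.pack("<I", 0x6) + b"\x01"
SAMPLE_MOKUTIL_ENABLED = "SecureBoot enabled\n"

if __name__ == "__main__":
    print(cross_check(SAMPLE_MOKUTIL_ENABLED, SAMPLE_EFIVAR_DISABLED))
```

In practice both mokutil and efivar read the same efivarfs file, so a disagreement between them means something is intercepting one of the paths; the raw read is the one to trust least only if the firmware itself is compromised, which is exactly why the CHIPSEC and TPM checks later in the article exist.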
UEFI configuration audit with CHIPSEC
CHIPSEC is an open-source framework from Intel for firmware security audits. On physical hardware, it lets you check the critical SPI flash protection settings:
Bash:
# Installation (requires Linux, kernel headers, access to /dev/mem)
pip install chipsec
# Check SPI flash write protection
sudo chipsec_main -m common.spi_lock
# Check BIOS region protection
sudo chipsec_main -m common.bios_wp
# Check SMRAM (System Management RAM protection)
sudo chipsec_main -m common.smrr
# Full firmware security audit
sudo chipsec_main
What to look for in the output:
• common.spi_lock - FAILED means the SPI flash can be rewritten from software. The door for a CosmicStrand-style implant is open.
• common.bios_wp - checks the BWE, BLE and PRx bits. If the protection is off, the firmware can be modified from the OS. In one test, I saw FAILED on both modules on fresh server hardware straight out of the box. The vendor simply hadn't turned the protection on.
Extraction and analysis of firmware
To find malicious DXE drivers, you need to take a firmware dump and break it down into individual modules:
Bash:
# Dump the firmware through CHIPSEC
sudo chipsec_util spi dump firmware.bin
# Extract modules via UEFITool (GUI) or UEFIExtract (CLI)
UEFIExtract firmware.bin all
# Search for anomalies in DXE modules via binwalk
binwalk -e firmware.bin
# Quick entropy check (encrypted/packed modules are suspicious)
binwalk -E firmware.bin
In UEFITool, look for DXE drivers with non-standard GUIDs, abnormally large size, or modules that do not match the reference firmware from the manufacturer. If a module is in the dump but not in the reference image, dig deeper.
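Two of the checks just described (entropy of individual modules, and comparing the module inventory of a dump against the vendor's reference image) are simple enough to script once the modules have been extracted. The code below is an added example, not from the article or any of the tools it names: it computes Shannon entropy per module and diffs two GUID-to-size inventories. The GUIDs and module contents are constructed placeholders; how you obtain the inventories (for example by listing the directory UEFIExtract produces) is left to the reader.

```python
"""Entropy triage and inventory diff for extracted UEFI modules (added example)."""
from __future__ import annotations
import math
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for a constant stream up to 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def flag_high_entropy(modules: dict[str, bytes], threshold: float = 7.0) -> list[str]:
    """Names of modules whose entropy suggests compression or encryption (threshold is mine)."""
    return sorted(name for name, blob in modules.items() if shannon_entropy(blob) >= threshold)


def scan_directory(extracted: Path, threshold: float = 7.0) -> list[str]:
    """Run the same triage over every file under a UEFIExtract output directory."""
    modules = {p.relative_to(extracted).as_posix(): p.read_bytes()
               for p in extracted.rglob("*") if p.is_file()}
    return flag_high_entropy(modules, threshold)


def inventory_diff(dump: dict[str, int], reference: dict[str, int]) -> dict[str, list[str]]:
    """Compare GUID -> size maps: modules only in the dump, only in the reference, or resized."""
    return {
        "unknown": sorted(g for g in dump if g not in reference),
        "missing": sorted(g for g in reference if g not in dump),
        "resized": sorted(g for g in dump if g in reference and dump[g] != reference[g]),
    }


# Constructed samples. "plain.bin" imitates a normal PE module (lots of zero padding),
# "packed.bin" has a perfectly uniform byte distribution, entropy exactly 8.0.
SAMPLE_MODULES = {
    "plain.bin": b"MZ" + b"\x00" * 1000 + b"This is a DXE driver" * 20 + b"\x00" * 1000,
    "packed.bin": bytes(range(256)) * 16,
}
# Placeholder GUIDs (not real vendor modules): A is shared, B only in the dump, C only in the reference.
SAMPLE_DUMP = {"11111111-1111-4111-8111-111111111111": 4096,
               "22222222-2222-4222-8222-222222222222": 90000}
SAMPLE_REFERENCE = {"11111111-1111-4111-8111-111111111111": 4096,
                    "33333333-3333-4333-8333-333333333333": 512}

if __name__ == "__main__":
    print("high entropy:", flag_high_entropy(SAMPLE_MODULES))
    print("inventory:", inventory_diff(SAMPLE_DUMP, SAMPLE_REFERENCE))
```

An "unknown" GUID with high entropy is the combination worth opening in a disassembler first; a resized module with a known GUID is the classic sign of a patched vendor driver, which is how CosmicStrand is described above.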
Monitoring the EFI System Partition
ESP bootkits (BlackLotus, ESPecter) leave artifacts on the FAT32 partition. Here is how to look for them:
Bash:
# Mount the ESP
sudo mount /dev/sda1 /mnt/esp
# Compute hashes of all EFI files
find /mnt/esp -name "*.efi" -exec sha256sum {} \;
# Compare with the reference hashes of the Microsoft bootloaders
# bootmgfw.efi must match the signed version from the current update
# Search for suspicious files (BlackLotus drops binaries of ~80 KB)
find /mnt/esp -name "*.efi" -size +50k -size -100k -ls
# Verify the signatures of EFI files
pesign --show-signature -i /mnt/esp/EFI/Microsoft/Boot/bootmgfw.efi
According to ESET, the BlackLotus files on the ESP are about 80 KB in size. Separately check the list of enrolled MOK keys: BlackLotus enrolls its own certificate to bypass Secure Boot.
UEFI memory forensics
Researchers (published on arXiv, 2025) developed a framework for acquiring and analyzing UEFI memory in the pre-OS phase. Two components:
• UefiMemDump - a DXE driver or UEFI shell application that takes a memory dump of the firmware before control is transferred to the OS.
• UEFIDumpAnalysis - a set of analysis modules: detection of hooked function pointers in BootServices/RuntimeServices, detection of inline hooking, extraction of loaded UEFI images.
The proof-of-concept shows detection of CosmicStrand and Glupteba through modified pointers in the service tables. The open-source release is the first tool of its kind for below-OS memory forensics. The tool is rough, but it works.
Secure Boot: the revocation problem
The key problem that BlackLotus exploits is not CVE-2022-21894, but broken revocation. Microsoft released a patch but did not add the vulnerable bootloaders to dbx (the UEFI revocation list). The reason, per ESET: the vulnerable binaries are legitimate bootloaders that are still in use. Mass revocation could make millions of machines unbootable.
This is a systemic problem of Secure Boot, and it looks like a vicious circle:
1. Microsoft signs third-party bootloaders (shim for Linux, OEM vendor boot components) with its UEFI CA key.
2. One of these bootloaders turns out to be vulnerable - it should be added to dbx.
3. Adding it to dbx breaks booting on every system that uses that bootloader.
4. Therefore the revocation doesn't happen - and the vulnerability gets exploited.
It's ironic: the defense mechanism doesn't work because everyone is afraid to turn it on. The sign says "Secure Boot", and in fact it's a leaky fence.
A similar story is LogoFAIL - a vulnerability in the image parsers inside UEFI firmware. According to Binarly Research, the Bootkitty bootkit used LogoFAIL to add a self-signed certificate to the trusted list, bypassing Secure Boot without any manual operator interaction. The vulnerability affected the firmware of laptops from Acer, HP, Fujitsu and Lenovo. Through a picture with a logo. Seriously.
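Whether a given loader is actually revoked is something you can answer from the dbx variable itself. The parser below is an added example, not code from the article or from any UEFI tool: it walks the EFI_SIGNATURE_LIST structures that make up dbx (16-byte SignatureType GUID, three little-endian UINT32 sizes, an optional header, then fixed-size entries of a 16-byte owner GUID plus data) and collects the SHA-256 entries. The GUID constants are from the UEFI specification; the efivarfs path and the sample dbx blob (with made-up hashes and a made-up owner GUID) are constructed for the demo.

```python
"""Parse the UEFI dbx revocation list and test whether a hash is revoked (added example)."""
from __future__ import annotations
import hashlib
import struct
import uuid

# GUIDs from the UEFI specification
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"
# efivarfs location on Linux (assumed layout: 4 attribute bytes, then the variable data)
DBX_EFIVARS_PATH = f"/sys/firmware/efi/efivars/dbx-{EFI_IMAGE_SECURITY_DATABASE_GUID}"
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
HEADER = struct.Struct("<16sIII")


def parse_signature_lists(blob: bytes) -> list[tuple[uuid.UUID, uuid.UUID, bytes]]:
    """Return (signature_type, owner, data) for every entry; reject malformed or truncated lists."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, off)
        body, end = off + HEADER.size + hdr_size, off + list_size
        if list_size < HEADER.size + hdr_size or end > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        if (end - body) % sig_size:
            raise ValueError(f"signature area is not a multiple of SignatureSize at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)  # GUIDs are stored mixed-endian
        for p in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[p:p + 16])
            entries.append((sig_type, owner, blob[p + 16:p + sig_size]))
        off = end
    return entries


def revoked_sha256(dbx: bytes) -> set[str]:
    """All SHA-256 (Authenticode image hash) entries in dbx, as lowercase hex."""
    return {data.hex() for t, _, data in parse_signature_lists(dbx) if t == EFI_CERT_SHA256_GUID}


def is_revoked(authenticode_sha256_hex: str, dbx: bytes) -> bool:
    return authenticode_sha256_hex.lower() in revoked_sha256(dbx)


def load_live_dbx(path: str = DBX_EFIVARS_PATH) -> bytes:
    """Read the variable from efivarfs and strip the 4-byte attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_sha256_list(hashes: list[bytes], owner: uuid.UUID) -> bytes:
    """Constructed helper for the demo: serialise one EFI_SIGNATURE_LIST of SHA-256 entries."""
    sig_size = 16 + 32
    out = HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le, HEADER.size + len(hashes) * sig_size, 0, sig_size)
    return out + b"".join(owner.bytes_le + h for h in hashes)


# Constructed sample: two "revoked loaders" under a placeholder owner GUID (none of this is real dbx data)
SAMPLE_OWNER = uuid.UUID("00000000-0000-4000-8000-00000000beef")
SAMPLE_HASHES = [hashlib.sha256(b"constructed vulnerable loader A").digest(),
                 hashlib.sha256(b"constructed vulnerable loader B").digest()]
SAMPLE_DBX = build_sha256_list(SAMPLE_HASHES, SAMPLE_OWNER)

if __name__ == "__main__":
    print(len(revoked_sha256(SAMPLE_DBX)), "revoked hashes;",
          "A revoked:", is_revoked(SAMPLE_HASHES[0].hex(), SAMPLE_DBX))
```

One caveat when using this against a real loader: the SHA-256 entries in dbx are Authenticode hashes of the PE image (the digest computed over the file with the signature and checksum fields excluded), not the plain sha256sum of the file, so compute the PE hash with a tool that understands Authenticode before looking it up.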
Protection against bootkits: what really works
Intel Boot Guard
The only mechanism that moves the root of trust into immutable hardware. When Boot Guard is enabled, the verification keys are burned into the processor's fuses - software modification is impossible. According to Binarly, at the time of writing there are no in-the-wild bootkits that bypass Boot Guard. There have been key leaks, but no working exploits in the wild.
How to check:
Bash:
# Through CHIPSEC
sudo chipsec_main -m common.secureboot.variables
sudo chipsec_main -m common.bios_ts
Update dbx
Regularly update the UEFI revocation list. Microsoft publishes dbx updates through Windows Update, but on Linux you need to do this manually:
Bash:
# Download the current dbx from the UEFI Forum
# https://uefi.org/revocationlistfile
# Apply through fwupd
fwupdmgr get-updates
fwupdmgr update
# or manually through efi-updatevar (careful - you can break booting!)
# efi-updatevar -f dbx-update.bin dbx
Monitoring the ESP for changes
Configure regular scanning of the EFI System Partition. Any change of files in /boot/efi/EFI/ outside of a regular system update is a reason for investigation:
Bash:
# Create the reference snapshot
find /boot/efi -type f -exec sha256sum {} \; > /root/esp_baseline.txt
# Periodic verification (cron)
find /boot/efi -type f -exec sha256sum {} \; | diff /root/esp_baseline.txt -
Measured Boot and TPM attestation
The TPM (Trusted Platform Module) records the hash of each boot component in the PCR registers. If there is a remote attestation server, you can reliably detect a substituted bootloader:
Bash:
# Read the current PCR values
tpm2_pcrread sha256:0,1,2,3,4,5,6,7
# PCR[0] - firmware code
# PCR[4] - bootloader
# PCR[7] - Secure Boot state
A change in PCR[4] or PCR[7] between reboots without a system update is a direct sign of a substituted bootloader.
ATT&CK mapping table for bootkit attacks
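The ESP checks from the "Monitoring the EFI System Partition" section and the baseline/diff loop just shown can be combined into one script. The code below is an added example, not from the article: it builds a hash-and-size baseline of a directory tree, reports added, removed and modified files, and separately flags .efi files in the 50-100 KB range whose names are not in a small allow-list of well-known loader names (that allow-list, and the size window taken from the article, are my choices). The demo runs against a constructed temporary directory, not a real ESP.

```python
"""ESP baseline, change detection and size heuristic (added example)."""
from __future__ import annotations
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed allow-list of loader file names that are expected on a typical ESP
KNOWN_LOADER_NAMES = {"bootmgfw.efi", "bootmgr.efi", "bootx64.efi", "shimx64.efi",
                      "grubx64.efi", "mmx64.efi", "fbx64.efi"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, dict]:
    """Map each file (relative POSIX path) to its sha256 and size."""
    return {p.relative_to(root).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict[str, dict], current: dict[str, dict]) -> dict[str, list[str]]:
    """Added, removed and modified paths between two snapshots."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "modified": sorted(p for p in current if p in baseline
                           and current[p]["sha256"] != baseline[p]["sha256"]),
    }


def suspicious_efi(snapshot: dict[str, dict], low: int = 50 * 1024, high: int = 100 * 1024) -> list[str]:
    """The article's heuristic: .efi files of 50-100 KB with names that are not standard loaders."""
    return sorted(p for p, meta in snapshot.items()
                  if p.lower().endswith(".efi") and low <= meta["size"] <= high
                  and Path(p).name.lower() not in KNOWN_LOADER_NAMES)


def save_baseline(snapshot: dict[str, dict], out: Path) -> None:
    out.write_text(json.dumps(snapshot, indent=2, sort_keys=True))


def demo() -> dict:
    """Constructed scenario: baseline a fake ESP, then modify one loader and drop a new 80 KB file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ms_boot = root / "EFI" / "Microsoft" / "Boot"
        ms_boot.mkdir(parents=True)
        (ms_boot / "bootmgfw.efi").write_bytes(b"MZ" + b"\x00" * 2046)
        fallback = root / "EFI" / "BOOT"
        fallback.mkdir()
        (fallback / "bootx64.efi").write_bytes(b"MZ" * 100)
        baseline = build_baseline(root)
        # tampering: loader replaced, unknown ~80 KB .efi added in a new directory
        (ms_boot / "bootmgfw.efi").write_bytes(b"MZ" + b"\x90" * 2046)
        extra = root / "EFI" / "system"
        extra.mkdir()
        (extra / "rndm.efi").write_bytes(b"MZ" + b"\x00" * (80 * 1024 - 2))
        current = build_baseline(root)
        return {"diff": compare(baseline, current), "suspicious": suspicious_efi(current)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For a real deployment, run build_baseline against the mounted ESP (for example /boot/efi) right after a clean install or update, store the JSON somewhere the host cannot overwrite, and treat any non-empty diff outside a known update window as an incident rather than noise.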
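The PCR comparison described above, as an added example that is not part of the article: it parses the bank/index/value layout that tpm2_pcrread prints, stores a baseline, and reports any change in the watched registers (PCR 0, 4 and 7 by default). The sample outputs are constructed strings in that layout, not readings from a real TPM, and the PCR values in them are placeholders.

```python
"""Parse tpm2_pcrread output and diff PCRs against a baseline (added example)."""
from __future__ import annotations
import json
import re
from pathlib import Path

# Assumed output shape: a line "sha256:" opens a bank, then "  4 : 0x<hex>" per register
BANK_LINE = re.compile(r"^(\w+):\s*$")
PCR_LINE = re.compile(r"^\s*(\d+)\s*:\s*0x([0-9A-Fa-f]+)\s*$")

# What a change in each watched register points at, per the article
PCR_MEANING = {0: "firmware code", 4: "bootloader", 7: "Secure Boot state"}


def parse_pcrread(text: str) -> dict[str, dict[int, str]]:
    """Return {bank: {pcr_index: hex_value}} from tpm2_pcrread text."""
    banks: dict[str, dict[int, str]] = {}
    bank = None
    for line in text.splitlines():
        m = BANK_LINE.match(line)
        if m:
            bank = m.group(1).lower()
            banks.setdefault(bank, {})
            continue
        m = PCR_LINE.match(line)
        if m and bank is not None:
            banks[bank][int(m.group(1))] = m.group(2).lower()
    return banks


def compare_pcrs(baseline: dict[str, dict[int, str]], current: dict[str, dict[int, str]],
                 bank: str = "sha256", watch: tuple[int, ...] = (0, 4, 7)) -> list[dict]:
    """List every watched PCR whose value differs (or is missing) between the two readings."""
    diffs = []
    for idx in watch:
        old = baseline.get(bank, {}).get(idx)
        new = current.get(bank, {}).get(idx)
        if old != new:
            diffs.append({"pcr": idx, "baseline": old, "current": new,
                          "meaning": PCR_MEANING.get(idx, "other")})
    return diffs


def save_baseline(banks: dict[str, dict[int, str]], path: Path) -> None:
    path.write_text(json.dumps(banks, indent=2))


def load_baseline(path: Path) -> dict[str, dict[int, str]]:
    raw = json.loads(path.read_text())
    return {bank: {int(k): v for k, v in regs.items()} for bank, regs in raw.items()}


def _sample(pcr4: str, pcr7: str) -> str:
    """Constructed tpm2_pcrread-style text with placeholder digests."""
    values = {i: ("%02x" % i) * 32 for i in range(8)}
    values[4], values[7] = pcr4, pcr7
    return "sha256:\n" + "".join(f"  {i} : 0x{values[i].upper()}\n" for i in range(8))


SAMPLE_BASELINE = _sample("aa" * 32, "77" * 32)
SAMPLE_CURRENT = _sample("bb" * 32, "77" * 32)   # only the bootloader measurement changed

if __name__ == "__main__":
    print(compare_pcrs(parse_pcrread(SAMPLE_BASELINE), parse_pcrread(SAMPLE_CURRENT)))
```

Record the baseline right after a verified-clean boot and a known-good update; a diff in PCR 4 with no corresponding update is the bootloader-substitution case the article describes, while a diff in PCR 7 means the Secure Boot policy or key databases (including dbx) changed, which is expected after a legitimate dbx update and suspicious otherwise.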

Practical checklist: detecting UEFI bootkits
A step-by-step algorithm for checking a system for firmware threats - do one, do two, do three:
Step 1 - Check the Secure Boot configuration. Compare the output of mokutil --sb-state with a direct read of the UEFI variables via efivar. Check the list of enrolled MOK keys with mokutil --list-enrolled. Unknown certificates are a red flag.
Step 2 - Check SPI flash write protection. Run chipsec_main and check the spi_lock, bios_wp and smrr modules. Any FAILED means the firmware can be rewritten from software - the system is vulnerable to SPI implants.
Step 3 - Check the integrity of the ESP. Mount the partition, compute the hashes of all .efi files, compare with the reference values. Pay attention to files of 50-100 KB with non-standard names.
Step 4 - Take a firmware dump. chipsec_util spi dump, then break the dump down with UEFITool or UEFIExtract. Compare the GUIDs and the number of DXE modules with the reference image from the manufacturer.
Step 5 - Check the TPM PCR values. If the organization has remote attestation set up, compare the current PCRs with the baseline values. Without attestation, record the PCRs after a clean analysis and track divergences.
Step 6 - Check the entropy of the firmware modules with binwalk. Unusually high entropy of individual DXE modules can indicate an encrypted or packed malicious payload.