Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-uefi-security
👓 A collection of papers/tools/exploits for UEFI security.
https://github.com/river-li/awesome-uefi-security
- UIUCTF-2022 SMM Cow Say 1
- UIUCTF-2022 SMM Cow Say 2
- UIUCTF-2022 SMM Cow Say 3
- UEFI Forum
- UEFI Specification v2.10
- UEFI Platform Initialization Specification v1.7a
- UEFI Shell Specification V2.2
- UEFI Platform Initialization Distribution Packaging Specification v1.1
- ACPI Specification v6.5
- EDK II
- edk2-pytool-library
- edk2-libc
- uefi-rs
- UEFI-Lessons
- arch-secure-boot
- EDK II Module Write Guide
- uefi-paint
- mitnal
- Attack Vector
- BlackLotus
- CosmicStrand
- MoonBounce
- ESPecter
- FinSpy
- Trickbot
- MosaicRegressor
- LoJax
- iLOBleed
- iLOBleed PDF Version
- LoJax
- umap
- UEFI-Bootkit
- SmmBackdoor
- PeiBackdoor
- bootlicker
- efiXplorer
- UEFITool
- brick
- fwhunt-scan
- FwHunt
- qiling
- efiSeek
- efi_fuzz - guided emulator-based NVRAM fuzzer for UEFI (based on qiling).
- efi_dxe_emulator
- uefi-firmware-parser
- uefi-retool
- BIOSUtilities
- innoextract
- Chipsec
- LVFS
- EfiGuard
- ghidra-firmware-utils
- dropWPBT
- fwexpl
- fiano
- UefiVarMonitor
- VBiosFinder
- kraft_dinner
- Voyager
- efi-memory
- smram_parse
- ebvm
- UEFI-SecureBoot-SignTool
- PciLeech
- bob_efi_fuzzer
- uefi-rs
- tsffs - guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS, released by Intel.
- efi-inspector
- efi-resolver
- PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
- Vulnerability-REsearch - IO, really a lot.
- vulnerability-disclosures
- vulnerabilities
- CVE-2022-3430, CVE-2022-3431, CVE-2022-3432
- CVE-2022-4020
- ThinkPwn
- Aptiocalypsis
- UsbRt_ROP
- CVE-2022-21894
- CVE-2014-8274
- Super-UEFIinSecureBoot-Disk
- SmmExploit
- CERT/CC UEFI Analysis Resources - 2021-28216
- LogoFAIL: Security implications of image parsing during system boot
- The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust
- The Evolution of Threat Actors: Firmware is the Next Frontier
- Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
- The Firmware Supply-Chain Security Is Broken: Can We Fix It?
- Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
- Breaking Secure Bootloaders
- efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
- Firmware Cartography: Charting the Course for Modern Server Compromise
- MODERN SECURE BOOT ATTACKS: BYPASSING HARDWARE ROOT OF TRUST FROM SOFTWARE
- Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper
- Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
- Remotely Attacking System Firmware
- Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
- I Don't Want to Sleep Subverting Intel TXT with S3 Sleep
- INTEL AMT. STEALTH BREAKTHROUGH
- Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
- Betraying the BIOS: Where the Guardians of the BIOS are Failing
- Taking DMA Attacks to the Next Level
- The UEFI Firmware Rootkits: Myths and Reality
- Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
- Analyzing UEFI BIOSes from Attacker & Defender Viewpoints
- Extreme Privilege Escalation on Windows 8/UEFI Systems
- Protecting Data In-Use from Firmware and Physical Attacks
- Exposing Bootkits with BIOS Emulation
- A Tale of One Software Bypass of Windows 8 Secure Boot
- BIOS Chronamancy: Fixing the Core Root of Trust for Measurement
- Funderbolt Adventures in Thunderbolt DMA Attacks
- Battery Firmware Hacking
- Attacking Intel® BIOS
- Reversing and Exploiting an Apple Firmware Update
- Attacking Intel® Trusted Execution Technology
- Introducing Ring -3 Rootkits
- Preventing and Detecting Xen Hypervisor Subversions
- TPM Genie Attacking the Hardware Root of Trust For Less Than $50
- Attacks on UEFI Security
- ALL YOUR BOOT ARE BELONG TO US
- Getting into the SMRAM: SMM Reloaded
- The COW Container On Windows Who Escaped the Silo
- One Bootloader to Load Them All
- High Stakes Updates: BIOS RCE OMG WTF BBQ
- UEFI Exploitation for the Masses
- Ring 0 Ring 2 Rootkits Bypassing Defenses
- EDR is Coming Hide Yo Sh!t
- Safeguarding rootkits: IntelBootGuard
- Disabling Intel ME in Firmware
- Extreme Privilege Escalation On Windows 8/UEFI Systems
- Hacking Measured Boot and UEFI
- OuterHaven UEFI Memory Space
- Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer (practical low level attacks against x86 authentication software)
- Hacking the Extensible Firmware Interface
- Data-only Attacks Against UEFI BIOS
- UEFI Firmware Vulnerabilities: Past, Present and Future
- BARing the System New vulnerabilities in Coreboot & UEFI based systems
- Binarly-IO
- Multiple Vulnerabilities In Qualcomm And Lenovo ARM-Based Devices
- OpenSSL Usage In UEFI Firmware Exposes Weakness In SBOMs
- The Firmware Supply-Chain Security Is Broken: Can We Fix It?
- Leaked Intel Boot Guard Keys: What Happened? How Does It Affect The Software Supply Chain?
- New Attacks To Disable And Bypass Windows Management Instrumentation
- Binarly Discloses High-Impact Firmware Vulnerabilities In Insyde-Based Devices
- Binarly Discovers Multiple High-Severity Vulnerabilities In AMI-Based Devices
- Binarly Finds Six High Severity Firmware Vulnerabilities In HP Enterprise Devices
- The Intel PPAM Attack Story
- Using Symbolic Execution To Detect UEFI Firmware Vulnerabilities
- Blasting Event-Driven Cornucopia
- FirmwareBleed: The Industry Fails To Adopt Return Stack Buffer Mitigations In SMM
- FwHunt The Next Chapter: Firmware Threat Detection At Scale
- A Deeper UEFI Dive Into MoonBounce
- Repeatable Failures: AMI UsbRt - Six Years Later, Firmware Attack Vector Still Affect Millions Of Enterprise Devices
- Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
- An In-Depth Look At The 23 High-Impact Vulnerabilities
- Detecting Firmware Vulnerabilities At Scale: Intel BSSA DFT Case Study
- Why Firmware Integrity Is Insufficient For Effective Threat Detection And Hunting
- Firmware Supply Chain Is Hard(Coded)
- Attacking (Pre)EFI Ecosystem
- Cr4sh
- Exploiting AMI Aptio firmware on example of Intel NUC
- Exploring and exploiting Lenovo firmware secrets
- Exploiting SMM callout vulnerabilities in Lenovo firmware
- Breaking UEFI security with software DMA attacks
- Building reliable SMM backdoor for UEFI based platforms
- Exploiting UEFI boot script table vulnerability
- eclypsium
- FIRMWARE ATTACKS: AN ENDPOINT TIMELINE
- ONE BOOTLOADER TO LOAD THEM ALL
- FIRMWARE SECURITY REALIZATIONS – PART 2 – START YOUR MANAGEMENT ENGINE
- FIRMWARE SECURITY REALIZATIONS – PART 1 – SECURE BOOT AND DBX
- YET ANOTHER UEFI BOOTKIT DISCOVERED: MEET COSMICSTRAND
- THE ILOBLEED IMPLANT: LIGHTS OUT MANAGEMENT LIKE YOU WOULDN’T BELIEVE
- “EVIL MAID” FIRMWARE ATTACKS USING USB DEBUG
- ESET Research
- When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
- UEFI threats moving to the ESP: Introducing ESPecter bootkit
- Needles in a haystack: Picking unwanted UEFI components out of millions of samples
- A machine‑learning method to explore the UEFI landscape
- LOJAX: First UEFI rootkit found in the wild, courtesy of the Sednit group
- UEFI malware: How to exploit a false sense of security
- Bootkit Threat Evolution in 2011
- Sentinel Lab
- Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware
- Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware
- Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware
- Adventures From UEFI Land: the Hunt For the S3 Boot Script
- Zen and the Art of SMM Bug Hunting | Finding, Mitigating and Detecting UEFI Vulnerabilities
- Another Brick in the Wall: Uncovering SMM Vulnerabilities in HP Firmware
- SYNACKTIV
- Code Check(Mate) in SMM
- Through The SMM-Glass And a Vulnerability Found There.
- A Journey in Reversing UEFI Lenovo Passwords Management
- S3 Sleep, Resume and Handling Them with Type-1 Hypervisor
- Introductory Study of IOMMU (VT-d) and Kernel DMA Protection on Intel Processors
- NCCGroup
- Stepping Insyde System Management Mode
- A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
- Intel BIOS Advisory – Memory Corruption in HID Drivers
- Debugging System with DCI and Windbg
- Reverse engineering (Absolute) UEFI modules for beginners
- Experiment in extracting runtime drivers on Windows
- BIOS Based Rootkits
- Understanding modern UEFI-based platform boot
- Attacking UEFI Runtime Services and Linux
- Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
- RSFUZZER: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing
- SoK: Security Below the OS – A Security Analysis of UEFI
- A Survey on the Evolution of Bootkits Attack and Defense Techniques
- Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis
- Hidden in Plain Sight - Persistent Alternative Mass Storage Data Streams as a Means for Data Hiding With the Help of UEFI NVRAM and Implications for IT Forensics
- UEFI Firmware Fuzzing with Simics Virtual Platform
- Thunderstrike:EFI firmware bootkits for Apple MacBooks
- Symbolic execution for BIOS security
- Bootkits: Past, Present & Future
- Attacking Intel TXT® via SINIT code execution hijacking
- Speed Racer: Exploiting an Intel Flash Protection Race Condition
- Advanced x86: Introduction to BIOS & SMM
- UEFI Official Learning Center
- EDK II Secure Code Review Guide
- Tianocore Training Contents
Keywords
- uefi (30)
- firmware (12)
- reverse-engineering (7)
- smm (6)
- vulnerability (5)
- intel (5)
- malware (4)
- secure-boot (3)
- security (3)
- edk2 (3)
- exploit (3)
- rust (3)
- efi-protocols (2)
- efi-guid (2)
- boot (2)
- backdoor (2)
- ida-plugin (2)
- uefi-firmware-analysis (2)
- windows (2)
- analysis (2)
- kernel (2)
- framework (2)
- unicorn-emulator (2)
- dxe-driver (2)
- firmware-tools (2)
- driver (2)
- uefi-boot (2)
- 0day (2)
- uefi-application (2)
- bootkit (2)
- uefi-firmware (1)
- twitter-client (1)
- zig (1)
- binary (1)
- cross-architecture (1)
- emulator (1)
- snapper (1)
- qiling (1)
- btrfs-snapshots (1)
- unicorn-engine (1)
- ghidra-plugin (1)
- debugger (1)
- btrfs (1)
- dynamic-analysis (1)
- archlinux (1)
- python (1)
- radare2 (1)
- pytools (1)
- osdev (1)
- edk2-training (1)