Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-uefi-security
đź‘“A collection of papers/tools/exploits for UEFI security.
https://github.com/river-li/awesome-uefi-security
Last synced: about 5 hours ago
JSON representation
-
Blogs :newspaper:
- Multiple Vulnerabilities In Qualcomm And Lenovo ARM-Based Devices
- Detecting Firmware Vulnerabilities At Scale: Intel BSSA DFT Case Study
- Binarly-IO
- OpenSSL Usage In UEFI Firmware Exposes Weakness In SBOMs
- The Firmware Supply-Chain Security Is Broken: Can We Fix It?
- Leaked Intel Boot Guard Keys: What Happened? How Does It Affect The Software Supply Chain?
- Binarly Discloses High-Impact Firmware Vulnerabilities In Insyde-Based Devices
- Binarly Discovers Multiple High-Severity Vulnerabilities In AMI-Based Devices
- Binarly Finds Six High Severity Firmware Vulnerabilities In HP Enterprise Devices
- The Intel PPAM Attack Story
- Blasting Event-Driven Cornucopia
- FirmwareBleed: The Industry Fails To Adopt Return Stack Buffer Mitigations In SMM
- FwHunt The Next Chapter: Firmware Threat Detection At Scale
- A Deeper UEFI Dive Into MoonBounce
- Repeatable Failures: AMI UsbRt - Six Years Later, Firmware Attack Vector Still Affect Millions Of Enterprise Devices
- Repeatable Firmware Security Failures: 16 High Impact Vulnerabilities Discovered In HP Devices
- An In-Depth Look At The 23 High-Impact Vulnerabilities
- Why Firmware Integrity Is Insufficient For Effective Threat Detection And Hunting
- Firmware Supply Chain Is Hard(Coded)
- Attacking (Pre)EFI Ecosystem
- Cr4sh
- Exploiting AMI Aptio firmware on example of Intel NUC
- Exploring and exploiting Lenovo firmware secrets
- Exploiting SMM callout vulnerabilities in Lenovo firmware
- Breaking UEFI security with software DMA attacks
- Building reliable SMM backdoor for UEFI based platforms
- Exploiting UEFI boot script table vulnerability
- eclypsium
- FIRMWARE ATTACKS: AN ENDPOINT TIMELINE
- ONE BOOTLOADER TO LOAD THEM ALL
- FIRMWARE SECURITY REALIZATIONS – PART 2 – START YOUR MANAGEMENT ENGINE
- FIRMWARE SECURITY REALIZATIONS – PART 1 – SECURE BOOT AND DBX
- YET ANOTHER UEFI BOOTKIT DISCOVERED: MEET COSMICSTRAND
- THE ILOBLEED IMPLANT: LIGHTS OUT MANAGEMENT LIKE YOU WOULDN’T BELIEVE
- “EVIL MAID” FIRMWARE ATTACKS USING USB DEBUG
- Needles in a haystack: Picking unwanted UEFI components out of millions of samples
- A machine‑learning method to explore the UEFI landscape
- UEFI malware: How to exploit a false sense of security
- Bootkit Threat Evolution in 2011
- Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware
- Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware
- Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware
- Adventures From UEFI Land: the Hunt For the S3 Boot Script
- Zen and the Art of SMM Bug Hunting | Finding, Mitigating and Detecting UEFI Vulnerabilities
- Another Brick in the Wall: Uncovering SMM Vulnerabilities in HP Firmware
- SYNACKTIV
- Code Check(Mate) in SMM
- Through The SMM-Glass And a Vulnerability Found There.
- A Journey in Reversing UEFI Lenovo Passwords Management
- S3 Sleep, Resume and Handling Them with Type-1 Hypervisor
- Introductory Study of IOMMU (VT-d) and Kernel DMA Protection on Intel Processors
- Stepping Insyde System Management Mode
- A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
- Debugging System with DCI and Windbg
- Reverse engineering (Absolute) UEFI modules for beginners
- Experiment in extracting runtime drivers on Windows
- BIOS Based Rootkits
- Understanding modern UEFI-based platform boot
- Attacking UEFI Runtime Services and Linux
- Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation
- New Attacks To Disable And Bypass Windows Management Instrumentation
- Intel BIOS Advisory – Memory Corruption in HID Drivers
- LOJAX: First UEFI rootkit found in the wild, courtesy of the Sednit group
- SYNACKTIV
- OpenSSL Usage In UEFI Firmware Exposes Weakness In SBOMs
- Using Symbolic Execution To Detect UEFI Firmware Vulnerabilities
- The Intel PPAM Attack Story
- UEFI threats moving to the ESP: Introducing ESPecter bootkit
- When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
- NCCGroup
-
Talks :speaker:
- Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
- The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust
- The Evolution of Threat Actors: Firmware is the Next Frontier
- Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
- The Firmware Supply-Chain Security Is Broken: Can We Fix It?
- Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
- Breaking Secure Bootloaders
- efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
- Firmware Cartography: Charting the Course for Modern Server Compromise
- MODERN SECURE BOOT ATTACKS: Presenter’s Name Presenter's Position BYPASSING HARDWARE ROOT OF TRUST FROM SOFTWARE
- Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper
- Remotely Attacking System Firmware
- Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
- I Don't Want to Sleep Subverting Intel TXT with S3 Sleep
- INTEL AMT. STEALTH BREAKTHROUGH
- Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
- Betraying the BIOS: Where the Guardians of the BIOS are Failing
- Taking DMA Attacks to the Next Level
- The UEFI Firmware Rootkits: Myths and Reality
- Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
- Analyzing UEFI BIOSes from Attacker & Defender Viewpoints
- Extreme Privilege Escalation on Windows 8/UEFI Systems
- Protecting Data In-Use from Firmware and Physical Attacks
- Exposing Bootkits with BIOS Emulation
- A Tale of One Software Bypass of Windows 8 Secure Boot
- BIOS Chronamancy: Fixing the Core Root of Trust for Measurement
- Funderbolt Adventures in Thunderbolt DMA Attacks
- Battery Firmware Hacking
- Attacking Intel® BIOS
- Reversing and Exploiting an Apple Firmware Update
- Introducing Ring -3 Rootkits
- Preventing and Detecting Xen Hypervisor Subversions
- TPM Genie Attacking the Hardware Root of Trust For Less Than $50
- Attacks on UEFI Security
- ALL YOUR BOOT ARE BELONG TO US
- Getting into the SMRAM: SMM Reloaded
- The COW Container On Windows Who Escaped the Silo
- One Bootloader to Load Them All
- High Stakes Updates: BIOS RCE OMG WTF BBQ
- UEFI Exploitation for the Masses
- Ring 0 Ring 2 Rootkits Bypassing Defenses
- Safeguarding rootkits: IntelBootGuard
- Disabling Intel ME in Firmware
- Extreme Privilege Escalation On Windows 8/UEFI Systems
- Hacking Measured Boot and UEFI
- OuterHaven UEFI Memory Space
- Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer(pratical low level attacks against x86 authentication software)
- Hacking the Extensible Firmware Interface
- Data-only Attacks Against UEFI BIOS
- UEFI Firmware Vulnerabilities: Past, Present and Future
- BARing the System New vulnerabilities in Coreboot & UEFI based systems
- AMD Sinkclose: Universal Ring -2 Privilege Escalation
- EDR is Coming Hide Yo Sh!t
- Damn Vulnerable UEFI (DVUEFI): An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities
- LogoFAIL: Security implications of image parsing during system boot
- Attacking Intel® Trusted Execution Technology
-
Documentations :book:
-
Development :computer:
-
Bootkits :bomb:
-
Tools :hammer:
- UEFITool
- Voyager
- uefi-rs
- efiXplorer
- brick
- fwhunt-scan
- qiling
- efiSeek
- efi_fuzz - guided emulator-based NVRAM fuzzer for UEFI (based on qiling).
- efi_dxe_emulator
- uefi-firmware-parser
- uefi-retool
- BIOSUtiities
- innoextract
- Chipsec
- EfiGuard
- ghidra-firmware-utils
- dropWPBT
- fwexpl
- fiano
- UefiVarMonitor
- VBiosFinder
- kraft_dinner
- efi-memory
- smram_parse
- ebvm
- UEFI-SecureBoot-SignTool
- PciLeech
- bob_efi_fuzzer
- tsffs - guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS, released by Intel.
- efi-inspector
- efi-resolver
- python-uefivars
- FwHunt
-
Vulnerabilities & Exploits :mag_right:
- CVE-2022-3430, CVE-2022-3431, CVE-2022-3432
- CVE-2022-4020
- UsbRt_ROP
- CVE-2014-8274
- Vulnerability-REsearch - IO, really a lot.
- vulnerability-disclosures
- vulnerabilities
- ThinkPwn
- Aptiocalypsis
- CVE-2022-21894
- Super-UEFIinSecureBoot-Disk
- SmmExploit
- CERT/CC UEFI Analysis Resources - 2021-28216
- PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.
-
Papers :page_with_curl:
- RSFUZZER: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing
- A Survey on the Evolution of Bootkits Attack and Defense Techniques
- Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis
- UEFI Firmware Fuzzing with Simics Virtual Platform
- Symbolic execution for BIOS security
- Bootkits: Past, Present & Future
- Attacking Intel TXT® via SINIT code execution hijacking
- Speed Racer: Exploiting an Intel Flash Protection Race Condition
- SoK: Security Below the OS – A Security Analysis of UEFI
- UEFI Vulnerability Signature Generation using Static and Symbolic Analysis
-
Training & Courses :beginner:
-
CTF-Challenges
Categories
Sub Categories
Keywords
uefi
31
firmware
12
reverse-engineering
7
smm
6
vulnerability
5
intel
5
edk2
4
malware
4
rust
3
secure-boot
3
security
3
exploit
3
kernel
2
bootkit
2
windows
2
uefi-firmware-analysis
2
driver
2
ida-plugin
2
backdoor
2
boot
2
efi-protocols
2
dxe-driver
2
firmware-tools
2
python
2
unicorn-emulator
2
framework
2
uefi-application
2
0day
2
analysis
2
uefi-boot
2
efi
2
efi-guid
2
cross-architecture
1
binary
1
ida-pro
1
emulator
1
radare2
1
qiling
1
uefi-firmware
1
unicorn-engine
1
ghidra-plugin
1
debugger
1
d3ctf
1
d3guard
1
pwn
1
uefi-pwn
1
writeup
1
pytools
1
osdev
1
edk2-training
1