In recent years, it's become clear that UEFI threats are real and have been deployed in the wild. UEFI implants such as LoJax and MosaicRegressor have used the lowest level of persistence, SPI flash, but is it worth it? Actors behind ESPecter bootkit think that compromising the bootloader is the way. This session will explain why and how to protect against this and similar threats.

RSA® Conference, the world’s leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year’s event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.

Several of the most pressing topics discussed during this year’s Conference included issues surrounding privacy and surveillance, the positive and negative impacts of machine learning and artificial intelligence, the nuances of risk and policy, and cybersecurity-focused innovations across crypto and blockchain.

ESPecter: Showing the Future of UEFI Threats

Conference: RSA Conference 2022

Abstract

Post a comment

Related work

Malware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild

Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)

EDR Is Coming; Hide Yo Sh!t

Breaking Bootloaders on the Cheap

A Measured Response to a Grain of Rice

From Illuminating to Eliminating Crypto Jacking Techniques in Cloud Native