Threat Detection using Windows Defender Application Control (Device Guard) in Audit Mode

https://twitter.com/mattifestation/status/1011569106347286528

https://twitter.com/subTee/status/1011318358917165057

Matt Graeber
Security Researcher, SpecterOps
Jun 26
Note: I originally scrapped this post because I didn’t like that audit events were only logged once per boot due to caching; however, Casey’s tweet reminded me that I shouldn’t let perfect be the enemy of good. This is still one of the best options that I know of (without requiring a commercial solution) to log all driver loads.[…]

https://posts.specterops.io/threat-detection-using-windows-defender-application-control-device-guard-in-audit-mode-602b48cd1c11
