Command Line Alias Attacks against Windows

Seeing the below tweet about, I wonder if anyone has done security testing against UEFI’s variables and shell aliases, similar to current attacks against the NT, the successor to OS/2, which also has console APIs (and variables).

Like Windows, UEFI also has command line shell alias command and API (part of the UEFI Shell protocol). UEFI was created back when the state-of-the-art of systems interfaces from Microsoft was OS/2 1.x, and one of the initial EFI developers was previously doing OS/2 1.x console API coding.

https://github.com/tianocore/edk2/blob/master/ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c

https://en.wikipedia.org/wiki/Alias_(command)#cite_note-EFI-Shells-and-Scripting-3

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/Shell.h

http://h17007.www1.hpe.com/docs/iss/proliant_uefi/UEFI_Edgeline_103117/v28070872.html

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s