Command Line Alias Attacks against Windows

Seeing the below tweet about, I wonder if anyone has done security testing against UEFI’s variables and shell aliases, similar to current attacks against the NT, the successor to OS/2, which also has console APIs (and variables).

Like Windows, UEFI also has command line shell alias command and API (part of the UEFI Shell protocol). UEFI was created back when the state-of-the-art of systems interfaces from Microsoft was OS/2 1.x, and one of the initial EFI developers was previously doing OS/2 1.x console API coding.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s