Fortinet: How to Cost-Effectively Dynamically Analyze UEFI Malware

By Minh Tran | May 14, 2019

A FortiGuard Labs How-To Guide for Cybersecurity Threat Researchers

Unified Extensible Firmware Interface (UEFI) is a specification that defines an interface between platform firmware and an OS. In a nutshell, UEFI replaces the BIOS in previous systems. Since UEFI is required for Secure Boot (ever since the Windows 8 operating system released in 2012), virtually all modern PCs come with UEFI firmware. Naturally, with the growing popularity of UEFI systems, and the fact that UEFI firmwares have even higher privilege than the OS/ hypervisor, adversaries are starting to focus on exploiting this new attack surface. This is evidenced by the UEFI rootkit found recently from the Sednit group.Consequently, there is a pressing need for security researchers to be able to handle this novel threat. In this blog post, we will show you how.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s