UEFI is Scary: Pre-kernel attacks are getting easier

Presented at ToorCon San Diego 20 (2018), Sept. 16, 2018, 5:30 p.m. (20 minutes)

UEFI is borked. This is nothing new. But the tools are making it easier to mess with. Increase feature sets combined with easy to use platform development kits is making UEFI hacking easier. That combined with uefi code to stay resident after boot as part of the Vault 7 drop means we are in more trouble than before. Its gotten easier. Take a look at some of the kit to see for yourself!

Presenters:

  • Gene Erik
    Gene Erik is a hacker with many variety interests spanning the gamut of hacking topic, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene Erik is a hacker with many variety interests spanning the gamut of hacking topic, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene's major passion is taking those hacking concepts, distilling them down, and weaponizing them through automation and tool creation. In the real world, Gene has had experience at companies big and small doing stuff all over the IT professional space: software development; technical support; desktop support; dev(sec)ops (system administration and hardening, orchestration, vulnerability management, cloud achitecture and migration, and the software development that goes with it); network engineering; data center and storage architecture; PBX design and management; AppSec; and much more. Gene is a long time toorcon attendee with a passion for breaking (and fixing) things.

Links:

Similar Presentations: