Explore an innovative approach to UEFI firmware vulnerability research in this 52-minute Black Hat conference talk. Delve into the development of efiXplorer, a tool designed to address the limitations of existing UEFI analysis instruments, particularly for x86-based systems. Learn how automated static analysis can be leveraged to hunt for vulnerabilities in UEFI firmware at scale, filling a gap in publicly available tools for this specific purpose. Gain insights from security experts Andrey Labunets, Philip Lebedev, Alex Matrosov, and Yegor Vasilenko as they discuss the challenges of reversing UEFI firmware and present their solution for more effective vulnerability detection.
EFIxplorer - Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
Overview
Syllabus
efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
Taught by
Black Hat
Related Courses
-
Static Analysis-Based Recovery of Service Function Calls in UEFI Firmware
-
The UEFI Firmware Rootkits - Myths and Reality
-
Firmware is the New Black - Analyzing Past Three Years of BIOS - UEFI Security Vulnerabilities
-
Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
-
Breaking Firmware Trust From Pre-EFI - Exploiting Early Boot Phases
-
Safeguarding UEFI Ecosystem - Firmware Supply Chain is Hardcoded
