Overview
Explore the security implications of UEFI firmware and learn how a bootkit for Windows 8 x64 is built in this 57-minute talk from the Hack In The Box Security Conference. The talk walks through the UEFI architecture from a security perspective and centers on Dreamboot, a UEFI bootkit that runs before the Windows bootloader and hooks the Windows kernel to bypass local authentication and escalate privileges. It covers UEFI development with the Tianocore SDK, the new security risks that come with UEFI deployment, the evolution of the Windows boot process from BIOS to UEFI, and the bootkit implementation in detail: locating the Windows bootloader through UEFI protocols, debugging the bootloader, dealing with the NX bit, hooking the kernel, and patching kernel memory despite the Write Protect flag. The speaker, Sebastien Kaczmarek, is a senior security researcher working on reverse engineering, cryptanalysis, and low-level code analysis on Microsoft platforms.
Syllabus
Intro
Boot process - BIOS mode
What's inside?
Architecture
UEFI vs BIOS API
UEFI development
Protocols and objects
Protocols - GUID
Protocols - locate Windows bootloader
What about security?
Boot process - UEFI mode
Bootloader debugging
Dreamboot?
Global process
In practice
NX bit (No Execute)
Kernel hooking
Patching and Write Protect flag
Bypass local authentication
Privilege escalation
Conclusion
Taught by
Hack In The Box Security Conference