You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM?

Black Hat via YouTube

Overview

This 34-minute Black Hat conference talk explores the underexamined threat of backdoors in UEFI Option ROM (OROM). Discover how OROM backdoors differ from previous research that only used OROM for persistence or lateral movement. Learn about the specific capabilities and infection scenarios of dedicated OROM backdoors, with demonstrations of three novel proof-of-concept backdoors targeting Windows systems. Examine advanced evasion techniques including C2 server communication during boot, malicious code execution at kernel and userland levels through runtime DXE drivers, concealment of malicious tasks during boot, and bypassing security controls using partial identity mapping. Gain insights into defensive strategies against these sophisticated threats and understand the research initiatives needed to protect systems from UEFI OROM backdoors. Presented by Kazuki Matsuo, Security Researcher from Waseda University and FFRI Security.

Syllabus

You've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM?

Taught by

Black Hat
