Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

This page summarizes the projects mentioned and recommended in the original post on /r/hardware
Poc Linux secure-boot anti-cheat Uefi

SurveyJS
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
Our great sponsors

  • CVE-2022-21894

    baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

    • As for BlackLotus specifically: - It first loads an older (signed) copy of bootmgfw.efi (the Windows bootloader) that is vulnerable to baton drop. - It executes a payload (using the vulnerability in bootmgfw.efi to obtain code execution) that installs a MOK. - It then executes the bootkit (distributed as a UEFI application) using a (signed) Shim binary as the first-stage loader.

  • AreWeAntiCheatYet

    A comprehensive and crowd-sourced list of games using anti-cheats and their compatibility with GNU/Linux or Wine.

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts