登录查看更多内容

Attacking UEFI Runtime Services and Linux

Masoud Ostad

Senior Cyber Security Architect/Expert | CCSP | CISSP | GCFA

发布日期: 2017年1月12日

Attackers with physical access are able to attack the firmware on many fully patched computers with DMA - Direct Memory Access. Once code execution is gained in UEFI/EFI Runtime Services it is possible to use this foothold to take control of a running Linux system.

The Linux 4.8 kernel fully randomizes the physical memory location of the kernel. There is a high likelyhood that the kernel will be randomized above 4GB on computers with sufficient memory. This means that DMA attack hardware only capable of 32-bit addressing (4GB), such as PCILeech, cannot reach the Linux kernel directly.

Since the EFI Runtime Services are usually located below 4GB they offer a way into Linux on high memory EFI booting systems.

Please see the video below for an example of how an attack may look like.

Best Regards

Masoud Ostad

Rasool Ziafaty

Software engineer

8 年

https://blog.frizk.net/2017/01/attacking-uefi-and-linux.html

Alireza Ghahrood

Founder @DiyakoSecureBow | CISO as a Service (vCISO)

8 年

Thanks 4 sharing my bro ??

1 次回应

查看更多评论

要查看或添加评论，请登录

Masoud Ostad的更多文章

Easily Extracting Malware from an Office Macro

2017年10月5日

Easily Extracting Malware from an Office Macro

Source : MalwareTech Kind regards Masoud Ostad
Dridex Banking Trojan Returns, Leverages New UAC Bypass Method

2017年1月30日

Dridex Banking Trojan Returns, Leverages New UAC Bypass Method

Key Takeaways ? First observed in July 2014, “Dridex,” a financial banking Trojan, is considered to be one of the…

2 条评论
[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

2016年11月19日

[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

Overview A confluence of two risky design choices, combined with various implementation issues, makes drive-by…
You Can Bypass Linux Disk Encryption by Pressing the Enter Key for 70 Seconds

2016年11月16日

You Can Bypass Linux Disk Encryption by Pressing the Enter Key for 70 Seconds

Description A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the…

6 条评论
BlackNurse Denial of Service Attack

2016年11月14日

BlackNurse Denial of Service Attack

Remember the days back in the 90s when you could cripple someones Internet connection simply by issuing a few PING…
Ubuntu Linux Founder Tells OpenStack to Focus on Things That Matter

2016年11月7日

Ubuntu Linux Founder Tells OpenStack to Focus on Things That Matter

In the early days of OpenStack back in 2010 when the project was first getting started, Ubuntu Linux was typically the…
A malware bypassing UAC set to max (Windows 7 32bit)

2016年11月3日

A malware bypassing UAC set to max (Windows 7 32bit)

Best Regards Masoud Ostad
Ransomware Reaches the Malware Top 3 for the First Time

2016年10月25日

Ransomware Reaches the Malware Top 3 for the First Time

While everybody knows how dangerous and devastating a ransomware infection can be, the number of affected victims was…

4 条评论
Demonstration of the attempt of cracking Petya Green key by genetic algorithms

2016年10月19日

Demonstration of the attempt of cracking Petya Green key by genetic algorithms

Best Regard Masoud Ostad
Mitigate Attacks with IBM BigFix & QRadar

2016年10月17日

Mitigate Attacks with IBM BigFix & QRadar

Best Regards Masoud Ostad

3 条评论

See all articles

Attacking UEFI Runtime Services and Linux

Masoud Ostad

Senior Cyber Security Architect/Expert | CCSP | CISSP | GCFA

Masoud Ostad的更多文章

社区洞察

其他会员也浏览了

How to capture and analyze traffic with tcpdump

Build Distributed Volume using GlusterFS and RHEL v. 7.x: Two page Cheat Sheet part of the "Quick Intel" Series

Run LLM (Install Ollama) easily on Linux using command

BIOset BIO operations in the Oracle Linux Kernel

Reduce kernel boot time by deferring page table creation

Oracle VM 3.4: ovm-info command to get details within VM

Linux Load Averages

Secure Linux server 3

Masoud Ostad的更多文章

Easily Extracting Malware from an Office Macro

Dridex Banking Trojan Returns, Leverages New UAC Bypass Method

[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

You Can Bypass Linux Disk Encryption by Pressing the Enter Key for 70 Seconds

BlackNurse Denial of Service Attack

Ubuntu Linux Founder Tells OpenStack to Focus on Things That Matter

A malware bypassing UAC set to max (Windows 7 32bit)

Ransomware Reaches the Malware Top 3 for the First Time

Demonstration of the attempt of cracking Petya Green key by genetic algorithms

Mitigate Attacks with IBM BigFix & QRadar

社区洞察

其他会员也浏览了

How to capture and analyze traffic with tcpdump

Build Distributed Volume using GlusterFS and RHEL v. 7.x: Two page Cheat Sheet part of the "Quick Intel" Series

Run LLM (Install Ollama) easily on Linux using command

BIOset BIO operations in the Oracle Linux Kernel

Reduce kernel boot time by deferring page table creation

Oracle VM 3.4: ovm-info command to get details within VM

Linux Load Averages

Secure Linux server 3