当前位置:首页 > 报告详情

Shade BIOS:释放 UEFI 恶意软件的全部隐蔽性.pdf

上传人: 竿*** 编号:981884 2025-11-29 44页 2.13MB

1、#BHUSA BlackHatEventsShade BIOSShade BIOSUnleashing the Full Stealth of UEFI MalwareUnleashing the Full Stealth of UEFI MalwareKazuki Matsuo(InfPCTechStack)2025/08/06 Oceanside C,Level 2#BHUSA BlackHatEventsWhoami-Kazuki Matsuo(InfPCTechStack)TitleSecurity Researcher at FFRI Security,Inc.InterestsUE

2、FI BIOS,SMM(Negative Rings)Previous workSmmPack:Obfuscation for SMM Modules with TPM Sealed Key DIMVA 2024Youve Already Been Hacked:What if There Is a Backdoor in Your UEFI OROM?BHUSA 2024#BHUSA BlackHatEventsImportance of UEFI SecurityIs infecting BIOS overkill?Well,what about in these two fields N

3、ational Security BIOS is a reasonable place to install backdoors Many companies are involved in its vast supply chain(unlike OS,VMM,CPU)Leaked documents and toolkits,such as Vault 7 and vector-edk clearly confirm thatUEFI security is considered to be criticalCloud Security Can compromise every VMs S

4、trong rivalry with hypervisor-basedsecurity Fractured,AmliImage from https:/www.binarly.io/blog/attacking-pre-efi-ecosystem#BHUSA BlackHatEventsChallenges of Existing UEFI malwareIn-the-wild UEFI bootkits(Lojax-BlackLotus)After all,they all perform malicious activities in userland or kernel Not pure

5、-BIOS malware(they just support userland/kernel malbehaviors)Dependent on OS-level security(despite BIOS having higher privileges than OS)Leaked BIOS/UEFI backdoors(Jetplow,vector-edk,)Legacy BIOS or SMM backdoors:Very specific attack targets UEFI backdoors:Identical to UEFI bootkitsPoC BIOS/UEFI ma

6、lware in the research fields There are several SMM backdoors but they require device-specific implementation=They suffer from OS&Hardware-Dependence#BHUSA BlackHatEventsOS Dependence of Existing BootkitsThey can disable OS security mechanisms ESPector disables DSE(Driver Signature Enforcement)Cosmic

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《Shade BIOS》文档,主要内容如下: 1. **UEFI安全重要性**:BIOS是安装后门的合理位置,涉及众多公司,且UEFI安全对国家安全和云安全至关重要。 2. **现有UEFI恶意软件挑战**:现有恶意软件依赖操作系统,难以实现纯BIOS恶意软件。 3. **Shade BIOS介绍**:Shade BIOS通过保留BIOS在内存中,允许在运行时使用UEFI功能,实现设备独立和易于实现的纯BIOS恶意软件。 4. **Shade BIOS实现**:通过修改内存映射、虚拟化内存、保留资源、设备设置和独家控制来实现。 5. **Shade BIOS优势**:实现纯BIOS恶意软件,减少对操作系统和硬件的依赖。 6. **Shade BIOS局限性**:需要nt!MmGetVirtualForPhysical()调用,可能被操作系统检测。 7. **检测Shade BIOS**:通过内存取证和预防性检查来检测。 8. **未来工作**:改进Shade BIOS,支持更多UEFI功能,并研究SMM隔离绕过技术。
**BIOS漏洞揭秘** **UEFI安全挑战** **纯BIOS恶意软件解析**
客服
商务合作
小程序
服务号
折叠