
Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces.pdf

Uploaded by: 竿*** | ID: 981910 | 2025-11-29 | 86 pages | 13.13MB

#BHUSA BlackHatEvents

Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces
Azure Yang, CyberKunlun

About me
Azure Yang, 4zure9
- Security Researcher, Cyber Kunlun | MSRC MVR (2022-2025)
- Started journey into Windows security from late 2021
- Discovered 79 public CVEs in Windows security, specializing in bootloaders, remote vulnerabilities.
- Ranked #5 on MSRC's 2024/2025 annual Windows Leaderboard and #2 in 2023 Q4 for SecureBoot research.
- Retired CTF player, DEF CON CTF Black Badge owner.
- Blending offensive expertise into defensive evolution.

Agenda
- Background
- Attack surface in bootloader
- Network protocol
- BCD Registry
- Security Policy
- Filesystem
- Logic flaw
- How to fuzz
- Attack surface beyond bootloader
- Future Work & Take Aways

Why Explore SecureBoot?
- Exploring unknown areas is attractive for researchers
- The foundation of computer security starts with the SecureBoot process
- SecureBoot vulnerabilities in Windows have been rare in the past decade.

SecureBoot: The bigger picture
- Mobile: Hardware lockout implementation
- PC: UEFI
- Using digital signatures and certificates to establish a chain of trust from hardware to OS

Mobile Secureboot

SecureBoot: Where is enforced

What makes the SecureBoot breaches
- Despite being fixed in code and the updates having already been shipped, all my 32 Secure Boot vulnerability findings are still exploitable by default
- PCA2011 gets expired in 2026
- PCA2023
- UEFI var DBX 32K limit
- Compatibility issue

| Fixed in | CVE | Title | In wild | Score | CVSS |
|---|---|---|---|---|---|
| 2016-Jul | CVE-2016-3287 | Secure Boot Security Feature Bypass Vulnerability | FALSE | 6.2 | CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
| 2016-Aug | CVE-2016-3320 | Secure Boot Security Feature Bypass Vulnerability | | | |

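Based on the content of the document, the key points of the full text are summarized as follows:

1. **Author background**: Azure Yang, a security researcher focusing on Windows security, in particular bootloaders and remote vulnerabilities.
2. **Research focus**: The remote attack surface of SecureBoot, including network protocols, the BCD registry, security policy, the filesystem and more.
3. **Vulnerabilities found**: Discovered 79 Windows security CVEs, including 32 SecureBoot vulnerabilities, some of which remain exploitable even after being fixed in code.
4. **Attack vectors**: Physical, local, remote and adjacent-network attacks.
5. **Research methods**: Fuzzing, auditing and code analysis.
6. **Scope of impact**: Most PCs with UEFI SecureBoot enabled, including Linux and Windows systems.
7. **Tools and techniques**: Fuzzing with AFL++, NYX mode and Intel PT.
8. **Future work**: Continued research on bootmgfw.efi and other attack surfaces, such as Winload.efi and specific hardware firmware.
9. **Summary**: SecureBoot vulnerabilities can lead to remote code execution and pose a serious threat to system security.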