Bootlicker - A Generic UEFI Bootkit Used To Achieve Initial Usermode Execution
KitPloit - PenTest Tools! www.kitploit.com
bootlicker is a legacy, extensible UEFI firmware rootkit targeting VMware hypervisor virtual machines. It is designed to achieve initial code execution within the context of the Windows kernel, regardless of the security settings configured.
Architecture
bootlicker takes its design from the legacy CosmicStrand, MoonBounce, and ESPecter rootkits to achieve arbitrary code execution without triggering PatchGuard or other related security mechanisms.
After initial insertion into a UEFI driver firmware using the injection utility, the shellcode's EfiMain achieves execution as the …