Not-Too-Safe Boot

In this paper, the authors provide an in-depth analysis of the Not-Too-Safe Boot technique, which has been designed to bypass Endpoint Security Solutions like antivirus (AV), endpoint detection and response (EDR) and anti-tampering mechanisms remotely. This method builds on a local execution technique first published in 2007 and later utilized in a real world scenario by a ransomware in 2019.

analysis antivirus authors boot bypass detection detection and response edr endpoint endpoint detection endpoint detection and response endpoint security endpoint security solutions local ransomware response safe safe boot scenario security security solutions solutions tampering world