Hunting And Reversing Uefi Firmware Implants
Alex Ermolov Security Researcher
Alex Matrosov CEO, Founder
Yegor Vasilenko Security Researcher


This 2-day course introduces students to real-world attack scenarios on devices powered by UEFI firmware. The course starts from low-level internals of modern operating systems boot process from the perspective of a security researcher interested in bootkits analysis, detection/forensics and vulnerability research. After the OS boot process, the course goes down to the firmware, and discusses UEFI architecture and internals with focus on security researcher needs (including common vulnerabilities and design mistakes). The second part of the course focused on UEFI firmware implants (from hardware and firmware perspective), its cover threat modeling, attack surface, forensics, and reverse engineering. The course will build a mindset for hunting unknown firmware threats including the supply chain perspective.