15CONTEMPORARY UEFI BOOTKITS

Image

These days, it’s rare to catch a new and innovative rootkit or bootkit in the wild. Most malware threats have migrated to user mode because modern security technologies have rendered old rootkits and bootkit methods obsolete. Security methods like Microsoft’s Kernel-Mode Code Signing Policy, PatchGuard, Virtual Secure Mode (VSM), and Device Guard create limitations for kernel-mode code modifications and raise the threshold of complexity for kernel-mode rootkit development.

The move to UEFI-based systems and spread of the Secure Boot scheme have changed the landscape of bootkit development, increasing development costs ...

Get Rootkits and Bootkits now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.