This 4-day course introduces students to real-world attack scenarios on devices powered by UEFI firmware. The course starts from low-level internals of modern operating systems boot process from the perspective of a security researcher interested in bootkits analysis, detection/forensics and vulnerability research. After the OS boot process, the course going down to the firmware, and discuss UEFI architecture and internals with focus on security researcher needs (include common vulnerabilities and design mistakes). The second part of the course focused on UEFI firmware implants (from hardware and firmware perspective), it’s cover threat modeling, attack surface, forensics, and reverse engineering. The course will build a mindset for hunting unknown firmware threats include the supply chain perspective.
Students will learn about UEFI internals from different perspectives such as firmware implant developer, malware and vulnerability researcher over the course. After the course, students will have knowledge about common firmware attacks, exploits, security feature bypasses and architectural mistakes in the firmware development process which can potentially lead successful implant installation. During the course, most part of exercises based on hardware-based challenges specially created to have the same environment as in real life.