Awesome UEFI Security [](https://github.com/sindresorhus/awesome)

August 29, 2025 · View on GitHub

This repository contains a collection of UEFI/BIOS security materials. Collected my own, not comprehensive. Feel free to PR.

CTF-Challenges

Documentations :book:

Development :computer:

Some interesting projects

Bootkits :bomb:

ATT&CK Attack Vector

TimeName
Nov. 2024Bootkitty
Oct. 2022BlackLotus
Jul. 2022CosmicStrand
Jan. 2022MoonBounce
Oct. 2021Especter
Sep. 2021FinSpy
Dec. 2020Trickbot
Oct. 2020MosaicRegressor
2018LoJax

Bootkits related repositories:

Tools :hammer:

Vulnerabilities & Exploits :mag_right:

Talks :speaker:

YearConferenceTitle
2024DefconAMD Sinkclose: Universal Ring -2 Privilege Escalation
2024Blackhat USAYou've Already Been Hacked: What if There Is a Backdoor in Your UEFI OROM?
2024Blackhat USA ARSENALDamn Vulnerable UEFI (DVUEFI): An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities
2023Blackhat EuropeLogoFAIL: Security implications of image parsing during system boot
2023Blackhat AsiaThe Various Shades of Supply Chain: SBOM, N-Days and Zero Trust
2021AVARThe Evolution of Threat Actors: Firmware is the Next Frontier
2022Blackhat USABreaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases
2022Blackhat AsiaThe Firmware Supply-Chain Security Is Broken: Can We Fix It?
2021Blackhat USASafeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)
2021Blackhat USABreaking Secure Bootloaders
2020Blackhat EuropeefiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis
2019Blackhat USAFirmware Cartography: Charting the Course for Modern Server Compromise
2019Blackhat AsiaMODERN SECURE BOOT ATTACKS: Presenter’s Name Presenter's Position BYPASSING HARDWARE ROOT OF TRUST FROM SOFTWARE
2019Blackhat AsiaFinally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with Napper
2019Blackhat USABreaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
2018Blackhat USARemotely Attacking System Firmware
2018Blackhat EuropeMalware Buried Deep Down the SPI Flash: Sednit's First UEFI Rootkit Found in the Wild
2018Blackhat AsiaI Don't Want to Sleep Subverting Intel TXT with S3 Sleep
2017Blackhat USAINTEL AMT. STEALTH BREAKTHROUGH
2017Blackhat USAFirmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
2017Blackhat USABetraying the BIOS: Where the Guardians of the BIOS are Failing
2017Blackhat USATaking DMA Attacks to the Next Level
2017Blackhat AsiaThe UEFI Firmware Rootkits: Myths and Reality
2017Blackhat USAFractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
2014Blackhat EuropeAnalyzing UEFI BIOSes from Attacker & Defender Viewpoints
2014Blackhat USAExtreme Privilege Escalation on Windows 8/UEFI Systems
2014Blackhat USAProtecting Data In-Use from Firmware and Physical Attacks
2014Blackhat USAExposing Bootkits with BIOS Emulation
2013Blackhat USAA Tale of One Software Bypass of Windows 8 Secure Boot
2013Blackhat USABIOS Chronamancy: Fixing the Core Root of Trust for Measurement
2013Blackhat USAFunderbolt Adventures in Thunderbolt DMA Attacks
2011BlackhatBattery Firmware Hacking
2009Blackhat USAAttacking Intel® BIOS
2009Blackhat USAReversing and Exploiting an Apple Firmware Update
2009Blackhat DCAttacking Intel® Trusted Execution Technology
2009BlackhatIntroducing Ring -3 Rootkits
2008BlackhatPreventing and Detecting Xen Hypervisor Subversions
2018CanSecWestTPM Genie Attacking the Hardware Root of Trust For Less Than $50
2015CanSecWestA New Class of Vulnerabilities in SMI Handlers
2015CanSecWestAttacks on UEFI Security
2014CanSecWestALL YOUR BOOT ARE BELONG TO US
2009CanSecWestGetting into the SMRAM: SMM Reloaded
2022DEFCONThe COW Container On Windows Who Escaped the Silo
2022DEFCONOne Bootloader to Load Them All
2021DEFCONHigh Stakes Updates: BIOS RCE OMG WTF BBQ
2019DEFCONUEFI Exploitation for the Masses
2019DEFCONRing 0 Ring 2 Rootkits Bypassing Defenses
2019DEFCON EDR is Coming Hide Yo Sh!t
2017DEFCONSafeguarding rootkits: IntelBootGuard
2018DEFCONDisabling Intel ME in Firmware
2014DEFCONExtreme Privilege Escalation On Windows 8/UEFI Systems
2013DEFCONHacking Measured Boot and UEFI
2020DEFCONOuterHaven UEFI Memory Space
2008DEFCONBypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer(pratical low level attacks against x86 authentication software)
2007DEFCON Hacking the Extensible Firmware Interface
2022H2HCData-only Attacks Against UEFI BIOS
2022Offensive ConUEFI Firmware Vulnerabilities: Past, Present and Future
2017REconBARing the System New vulnerabilities in Coreboot & UEFI based systems

Blogs :newspaper:

Papers :page_with_curl:

YearJour/ConfPaper
2025arXivUEFI Memory Forensics: A Framework for UEFI Threat Analysis
2025NDSSFUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2
2024ASESTASE: Static Analysis Guided Symbolic Execution for UEFI Vulnerability Signature Generation
2023S&PRSFUZZER: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing
2023arXivSoK: Security Below the OS – A Security Analysis of UEFI
2023China CICA Survey on the Evolution of Bootkits Attack and Defense Techniques
2022S&PFinding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis
2022IH&MMSecHidden in Plain Sight - Persistent Alternative Mass Storage Data Streams as a Means for Data Hiding With the Help of UEFI NVRAM and Implications for IT Forensics
2020DACUEFI Firmware Fuzzing with Simics Virtual Platform
2015SYSTORThunderstrike:EFI firmware bootkits for Apple MacBooks
2015WOOTSymbolic execution for BIOS security
2014Virus BulletinBootkits: Past, Present & Future
2011Attacking Intel TXT® via SINIT code execution hijacking
2014Speed Racer: Exploiting an Intel Flash Protection Race Condition

Training & Courses :beginner: