On Mon, Sep 25, 2017 at 10:44 AM, Georgi Guninski
On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
Yes - in addition, since some attackers have been shown to compromise not only UEFI firmware, but also blobs in peripheral devices, a re-flashing of those components from HW land is required. In many cases, this type of recovery is 'impossible'.
Practically, individuals will take a stab at guessing attacker capability, somewhere between zero sophisticated persistence and h/w re-install survivability, and act accordingly. It is difficult to get that right, if not impossible.
Thanks. I suppose it is a safe guess that a non-negligible part of the world is persistently owned?
Hey Georgi,

On prevalence I won't speculate - but my number would be pretty low. You don't burn your fancy hardware persistence on just any target.

In somewhat-related news, the cat and mouse game is getting a bit more interesting with Apple High Sierra's eficheck. While I don't expect it to remain effective long, it promises to find some 'interesting' old samples.

-Travis

--
Twitter https://twitter.com/tbiehn | LinkedIn http://www.linkedin.com/in/travisbiehn | GitHub http://github.com/tbiehn | TravisBiehn.com http://www.travisbiehn.com | Google Plus https://plus.google.com/+TravisBiehn