44CON LONDON 2015 has ended
Back To Schedule
Thursday, September 10 • 11:00 - 11:59
Is there an EFI monster inside your apple?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

A few weeks ago I publicly disclosed an Apple EFI firmware zero day.
It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time.

EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn't mean they do not exist. EFI monsters are most certainly part of spy agencies rootkits catalog.
Very few tools exist to chase them.

This talk is about introducing you to the EFI world so you can also start to chase these monsters. EFI world might look scary but it's a bit easier than you think and a lot of fun.

Reference blogpost:

Plus content about EFI layout, where to seek rootkits and so on.
Essentially an introduction to EFI and how to find out potential rootkits there.


Pedro Vilaça

A leading expert in the field of not being an expert, plays with computers for more than 30 years, holds a degree in Economics and a MBA, writes a somewhat famous OS X related blog, breaks copy protections for fun and profit, annoys HackingTeam, trolls Apple’s product security policy... Read More →

Thursday September 10, 2015 11:00 - 11:59 BST
Track 1

Attendees (0)