UEFI security has been a hot topic for the last few years. Several high-impact vulnerabilities have been found, and even a few rootkits exposed. Finding such rootkits in-the-wild is a very challenging task. This presentation will go over techniques to hunt them, how machine learning can help and detail the very first UEFI rootkit used by none other than the infamous APT group Fancy Bear.
Learning Objectives: 1: Understand how machine learning can help identify UEFI malware in the wild. 2: Find out UEFI rootkits are not limited to academic proofs of concept: they are real threats. 3: Get a better understanding of how to prevent and mitigate boot-level threats.
Pre-Requisites: Attendees should have basic knowledge in computer security, UEFI/BIOS and machine learning.