On Mon, Sep 25, 2017 at 10:44 AM, Georgi Guninski <guninski@guninski.com> wrote:
> On Tue, Sep 19, 2017 at 01:57:33PM -0400, Travis Biehn wrote:
> > Yes - in addition, since some attackers have been shown to compromise not only UEFI firmware but also blobs in peripheral devices, recovery requires a re-flashing of those components from HW land. In many cases, this type of recovery is 'impossible'.
> > Practically, individuals will take a stab at guessing attacker capability, between zero sophisticated persistence and h/w re-install survivability, and act accordingly. It is difficult to get that right, if not impossible.
>
> Thanks. I suppose it is a safe guess that a non-negligible part of the world is persistently owned?
Hey Georgi,

On prevalence I won't speculate - but my number would be pretty low. You don't burn your fancy hardware persistence on just any target.

In somewhat-related news, the cat and mouse game is getting a bit more interesting with Apple High Sierra's eficheck. While I don't expect it to remain effective long, it promises to find some 'interesting' old samples.

-Travis

--
Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>