Sunday, March 19, 2017

Hardened Attacks: Surviving OS rewrites using NVRAM storage

Reading through the recent WikiLeaks tool dump has yielded a great deal of post-exploitation material. While the drama continues to unfold around the exploit portion of the dump, I wanted to dive right in to what is already known. A lot of the tools and methods were already public, but just because something is old does not mean it is useless. The one thing of particular interest, outside of the better-known methods, was the ability to survive OS rewrites on UEFI-enabled computers. This is one of the highest aspirations for any malware. Let's take a look at how this can be achieved using hardware-level persistent storage known as Non-Volatile RAM (NVRAM).
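As an added defensive illustration (not code from the original post), the Python check below inventories efivarfs-style UEFI variables and reports the NON_VOLATILE ones, the kind that live in NVRAM and survive an OS reinstall, whenever they are missing from a known-good baseline. The sample directory entries, the baseline and the vendor GUID 11111111-2222-3333-4444-555555555555 are constructed for this example; the attribute bits and the EFI_GLOBAL_VARIABLE GUID come from the UEFI specification.

```python
import struct
from typing import Dict, List, Set, Tuple

# Attribute bits from the UEFI specification (SetVariable() Attributes field).
EFI_VARIABLE_NON_VOLATILE = 0x01        # stored in NVRAM: survives reboot and OS reinstall
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02  # readable before ExitBootServices()
EFI_VARIABLE_RUNTIME_ACCESS = 0x04      # still visible to the running OS

EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # from the UEFI spec
HYPOTHETICAL_VENDOR = "11111111-2222-3333-4444-555555555555"  # constructed for this example

def parse_efivar(filename: str, raw: bytes) -> Tuple[str, str, int, bytes]:
    """Split one efivarfs entry: file 'Name-<GUID>', content = 4-byte LE attributes + data."""
    if len(filename) < 38 or filename[-37] != "-":
        raise ValueError(f"not an efivarfs name: {filename}")
    if len(raw) < 4:
        raise ValueError(f"{filename}: missing attribute header")
    name, guid = filename[:-37], filename[-36:].lower()
    (attrs,) = struct.unpack("<I", raw[:4])
    return name, guid, attrs, raw[4:]

def describe_attributes(attrs: int) -> str:
    flags = [("NV", EFI_VARIABLE_NON_VOLATILE), ("BS", EFI_VARIABLE_BOOTSERVICE_ACCESS),
             ("RT", EFI_VARIABLE_RUNTIME_ACCESS)]
    return "|".join(label for label, bit in flags if attrs & bit) or "none"

def audit_nvram(entries: Dict[str, bytes], baseline: Set[Tuple[str, str]]) -> List[dict]:
    """Return every NON_VOLATILE variable that is absent from the known-good baseline."""
    findings = []
    for filename, raw in sorted(entries.items()):
        name, guid, attrs, data = parse_efivar(filename, raw)
        if attrs & EFI_VARIABLE_NON_VOLATILE and (name, guid) not in baseline:
            findings.append({"name": name, "guid": guid, "attrs": describe_attributes(attrs), "size": len(data)})
    return findings

# Constructed sample listing, shaped like /sys/firmware/efi/efivars on Linux.
SAMPLE_ENTRIES = {
    f"BootOrder-{EFI_GLOBAL_VARIABLE}": struct.pack("<I", 0x7) + b"\x00\x00\x01\x00",
    f"Timeout-{EFI_GLOBAL_VARIABLE}": struct.pack("<I", 0x7) + b"\x05\x00",
    f"StagedBlob-{HYPOTHETICAL_VENDOR}": struct.pack("<I", 0x7) + bytes(64),  # unexpected NV variable
    f"SessionNonce-{HYPOTHETICAL_VENDOR}": struct.pack("<I", 0x6) + bytes(8),  # volatile, gone at reboot
}
SAMPLE_BASELINE = {("BootOrder", EFI_GLOBAL_VARIABLE), ("Timeout", EFI_GLOBAL_VARIABLE)}

if __name__ == "__main__":
    for f in audit_nvram(SAMPLE_ENTRIES, SAMPLE_BASELINE):
        print(f"review: {f['name']} ({f['guid']}) attrs={f['attrs']} size={f['size']}")
```

On a real host the baseline should be captured from a freshly provisioned machine of the same model, since vendor firmware legitimately owns many non-volatile variables outside EFI_GLOBAL_VARIABLE.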