Anatomy of Attack Vectors and Firmware Security Below the OS null Bangalore Meet 24 May 2025 Null/OWASP Combined Meet
Abstract
Abstract:
This presentation explores the anatomy of attack vectors targeting firmware below the operating system (OS). It begins with an introduction to the fundamentals of PC firmware, including key components like BIOS, UEFI, and hardware initialization. A high-level overview of the boot process is provided to establish how early system components interact before the OS loads. The talk then delves into how attackers exploit vulnerabilities in firmware to gain persistent and stealthy access, bypassing traditional security controls.
We will examine common attack techniques, real-world examples, and discuss available security mechanisms such as Root of Trust , BIOS Guard and firmware signing. Finally, practical remediation strategies and tools for hardening firmware as well as those used for penetration testing or firmware analysis will be covered
Speaker
Timing
Starts at Saturday May 24 2025, 09:40 AM. The sessions runs for 30 minutes.