Hi everyone and thank you for doing such an amazing framework. I am wondering if this framework can scan for vulnerabilities in standalone .efi files? I have not found any mentions regarding such functionality in the documentation. Thank you!
Replies: 1 comment 2 replies
Thank you!
No scanner for .efi files specifically but the blockedlist.json does list some GUIDs and hashes that may help.
There are two that may help for FW volumes:
scan_blocked.py - can scan for some known binaries within EFI FW volumes.
scan_image.py - can create a sort of fingerprint of a known good FW volume to compare against other volumes.
Hope this helps!
edit: clarified support