Security Unlocked 4.21.21
Ep 24 | 4.21.21

Below the OS: UEFI Scanning in Defender

Show Notes

All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one, the coyote or the cat sets up elaborate plans to sabotage his foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers.

In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow them to stay one step ahead of cybercriminals in the cat-and-mouse game that is cyber security.

In this Episode You Will Learn: 

  • The new capabilities within Microsoft Defender to scan the Unified Extensible Firmware Interface (UEFI)
  • How the LoJax attack compromised UEFI firmware
  • How UEFI scanning emerged as a capability

Some Questions that We Ask: 

  • Has UEFI scanning always been possible? 
  • What types of signals is UEFI scanning searching for? 
  • What are the ways bad actors may adjust to avoid UEFI scanning? 

Resources:  

Shweta Jha’s LinkedIn

Gowtham Reddy’s LinkedIn

Defender Blog Post

Microsoft Security Blog

Related:

Listen to: Afternoon Cyber Tea with Ann Johnson

Listen to: Security Unlocked: CISO Series with Bret Arsenault 

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  


Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.