Below the OS: UEFI Scanning in Defender
All of us have seen – or at least, are familiar with – the antics of Tom and Jerry or Road Runner and Wile E. Coyote. In each one, the coyote or the cat sets up elaborate plans to sabotage their foe, but time and time again, the nimble mouse and the speedy bird are able to outsmart their attackers.
In our third episode discussing Ensuring Firmware Security, hosts Nic Fillingham and Natalia Godyla speak with Shweta Jha and Gowtham Reddy about developing the tools that allow them to stay one step ahead of cybercriminals in the cat-and-mouse game that is cyber security.
In this Episode You Will Learn:
- The new capabilities within Microsoft Defender to scan the Unified Extensible Firmware Interface (UEFI)
- How the LoJax attack compromised UEFI firmware
- How UEFI scanning emerged as a capability
Some Questions that We Ask:
- Has UEFI scanning always been possible?
- What types of signals is UEFI scanning searching for?
- What are the ways bad actors may adjust to avoid UEFI scanning?
Related:
Listen to: Afternoon Cyber Tea with Ann Johnson
Listen to: Security Unlocked: CISO Series with Bret Arsenault
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Security Unlocked is produced by Microsoft and distributed as part of The CyberWire Network.