Threat Hunting Scenario: UEFI Bootkit (CVE-2024-7344)

CVE-2024-7344 is a Secure Boot bypass in a UEFI application (Howyar's reloader.efi) that is bundled with several third-party system-recovery products and is signed by Microsoft's third-party UEFI CA. Instead of handing control to the firmware's LoadImage/StartImage services, the application uses its own PE loader, so the unsigned payload it loads from the same directory is never checked against db and dbx. An attacker who already has administrative access can therefore copy the vulnerable loader and a malicious payload to the EFI System Partition (ESP) and point a boot entry at it, executing unsigned code before the operating system on any host that trusts the Microsoft third-party CA, whatever OS is installed. The result is a bootkit that persists across OS updates and across reinstalls that keep the ESP, and that can tamper with the kernel, exfiltrate sensitive data or disrupt system operations. The fix is revocation: Microsoft's January 2025 DBX update lists the affected binaries by hash, so a hunt should confirm that the updated dbx is present on every host and look for the prerequisites of the attack: writes to the ESP, new or modified firmware boot entries (efibootmgr -v on Linux, bcdedit /enum firmware on Windows) and .efi files the installed OS did not put there.

Bootkitty – UEFI Bootkit for Linux

Bootkitty, analysed by ESET in November 2024, is the first UEFI bootkit built for Linux. It runs as a UEFI application from the ESP before the operating system loads, so it survives kernel and distribution updates and any reinstall that leaves the ESP in place. It does not bypass Secure Boot by itself: the sample is signed with a self-signed certificate, so on a host with Secure Boot enabled it only runs if the attacker has first enrolled that certificate (for example as a Machine Owner Key through shim) or disabled Secure Boot. Once running it hooks the UEFI security protocols and GRUB's integrity-verification functions so the modified bootloader passes its own checks, patches the Linux kernel in memory to disable module signature verification, and alters the environment handed to the init process so that a malicious shared object is loaded through LD_PRELOAD. ESET assessed the sample as an early proof of concept rather than a mature tool, but the hunting signals are the same for any successor: an unexpected MOK or db entry, an unsigned or unexpected EFI binary replacing GRUB in the ESP, and an LD_PRELOAD value in init's environment that the distribution did not set.
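As an added worked example for both parts of this scenario (it is not code from the original page or from ESET's research), the following Python script parses the UEFI dbx (forbidden signatures) variable as exposed through efivarfs, computes the Authenticode SHA-256 digest of each EFI image on the ESP (the hash form dbx stores, which is not a plain file hash: the PE checksum field, the certificate-table directory entry and the appended signature are excluded), and reports any image whose digest is revoked. For CVE-2024-7344 that checks both that the dbx revocation has reached the host and that no revoked loader is still sitting in the ESP; the same inventory of ESP images is the starting point for spotting a planted bootloader such as Bootkitty, which, being self-signed, will not appear in dbx and must instead be compared against the distribution's known-good GRUB and shim files. The dbx variable name and the EFI_SIGNATURE_LIST layout come from the UEFI specification and the hashing order from Microsoft's Authenticode PE specification; the sample PE image, the sample signature list and the /boot/efi mount point assumed in the main block are constructed for the demonstration.

```python
"""Hunt for revoked EFI images: parse the UEFI dbx variable and compare it with the
Authenticode SHA-256 digest of each image on the EFI System Partition. Added example for
this scenario, not code from the original page; layouts follow the UEFI specification."""
import hashlib
import os
import struct
import uuid

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # SHA-256 digest entries
# dbx lives under EFI_IMAGE_SECURITY_DATABASE_GUID; efivarfs prefixes the data with 4 attribute bytes
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def parse_signature_lists(blob):
    """Return [(signature_type, owner, data)] from concatenated EFI_SIGNATURE_LIST structures."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        body = blob[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature data is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):  # each EFI_SIGNATURE_DATA: owner GUID + data
            entries.append((sig_type, uuid.UUID(bytes_le=body[i:i + 16]), body[i + 16:i + sig_size]))
        off += list_size
    return entries

def revoked_sha256_hashes(dbx_blob):
    return {d for t, _o, d in parse_signature_lists(dbx_blob) if t == EFI_CERT_SHA256_GUID}

def authenticode_sha256(image):
    """SHA-256 of a PE image as Authenticode hashes it: the CheckSum field, the Certificate
    Table directory entry and the appended certificate table are skipped, so signing or
    re-checksumming a file leaves the digest that dbx matches on unchanged."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect, opt_size = [struct.unpack_from("<H", image, pe + o)[0] for o in (6, 20)]
    opt = pe + 24
    magic = struct.unpack_from("<H", image, opt)[0]
    dir_base = {0x10B: 96, 0x20B: 112}[magic]  # offset of the data directories: PE32 vs PE32+
    checksum_off, cert_dir_off = opt + 64, opt + dir_base + 4 * 8  # IMAGE_DIRECTORY_ENTRY_SECURITY = 4
    size_of_headers = struct.unpack_from("<I", image, opt + 60)[0]
    _cert_off, cert_size = struct.unpack_from("<II", image, cert_dir_off)
    if not cert_dir_off + 8 <= size_of_headers <= len(image):
        raise ValueError("bad SizeOfHeaders")
    h = hashlib.sha256()
    h.update(image[:checksum_off])
    h.update(image[checksum_off + 4:cert_dir_off])
    h.update(image[cert_dir_off + 8:size_of_headers])
    sections = []
    for i in range(nsect):  # SizeOfRawData, PointerToRawData sit at +16 in each 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", image, opt + opt_size + 40 * i + 16)
        sections.append((raw_ptr, raw_size))
    hashed = size_of_headers
    for ptr, size in sorted(sections):  # ascending PointerToRawData
        h.update(image[ptr:ptr + size])
        hashed += size
    extra_end = len(image) - cert_size  # trailing data, minus the certificate table at the end
    if extra_end > hashed:
        h.update(image[hashed:extra_end])
    return h.digest()

def classify_images(images, revoked):
    out = []  # images: {path: bytes} -> [(path, digest_hex, is_revoked)] sorted by path
    for path, data in sorted(images.items()):
        d = authenticode_sha256(data)
        out.append((path, d.hex(), d in revoked))
    return out

# --- constructed fixtures for the demo and tests (not real firmware data) ---
def build_signature_list(sig_type, hashes):
    sigs = b"".join(uuid.UUID(int=0).bytes_le + h for h in hashes)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(sigs), 0, 16 + 32) + sigs

def build_sample_pe(section_data, checksum=0, cert=b""):
    """Minimal PE32+ with one 512-byte section and an optional trailing WIN_CERTIFICATE."""
    cert_table = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert if cert else b""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)  # PE32+ magic
    struct.pack_into("<II", opt, 60, 512, checksum)  # SizeOfHeaders, CheckSum
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 32, 1024 if cert else 0, len(cert_table))  # security directory
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 512, 0x1000, 512, 512, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + bytes(opt) + sect).ljust(512, b"\0") + section_data.ljust(512, b"\0") + cert_table

if __name__ == "__main__":  # live host usage: needs root to read dbx and the ESP (assumed at /boot/efi)
    revoked = revoked_sha256_hashes(open(DBX_EFIVAR, "rb").read()[4:])
    esp = {p: open(p, "rb").read() for r, _d, fs in os.walk("/boot/efi")
           for p in (os.path.join(r, n) for n in fs if n.lower().endswith(".efi"))}
    for path, digest, bad in classify_images(esp, revoked):
        print("REVOKED" if bad else "ok     ", digest, path)
```

Run it as root on each Linux host in scope; a REVOKED line means a binary that the firmware must refuse to boot is still present and is worth tracing to whoever wrote it to the ESP, while an empty or stale dbx (few entries, no recent change) means the revocation for this CVE has not been applied. Images that are not revoked are not thereby trusted: compare their digests with the hashes of the distribution's own shim, GRUB and kernel packages, since a self-signed bootkit will never match dbx.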