FW-BOOTKITPersistence

UEFI Bootkit Persistence

Implant in the UEFI firmware or ESP — survives OS reinstall and disk wipe; classic LoJax / MoonBounce / BlackLotus territory.

§ Where this technique fits

FW-BOOTKIT is catalogued under the Persistence tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 5 on average.

§ Dossiers chaining this technique

LogoFAIL → UEFI bootkit → persistent ring-0
Drop a malformed JPG/PNG/BMP into the EFI partition's boot logo path. Vulnerable vendor UEFI parses it pre-OS, executes attacker code before SecureBoot's verifier — install a bootkit that survives wipe + reinstall.
step 5 / 6

§ What commonly comes next

01
Obfuscated Files or Information
T1027 · Defense Evasion
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

LogoFAIL → UEFI bootkit → persistent ring-0

§ What commonly comes next