FW-SECUREBOOT-BYPASSDefense Evasion

SecureBoot Bypass

Use a signed-but-vulnerable bootloader / shim (BlackLotus, BootHole) — chain into ring-0 before any OS protections initialise.

§ Where this technique fits

FW-SECUREBOOT-BYPASS is catalogued under the Defense Evasion tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 4 on average.

§ Dossiers chaining this technique

LogoFAIL → UEFI bootkit → persistent ring-0
Drop a malformed JPG/PNG/BMP into the EFI partition's boot logo path. Vulnerable vendor UEFI parses it pre-OS, executes attacker code before SecureBoot's verifier — install a bootkit that survives wipe + reinstall.
step 4 / 6

§ What commonly comes next

01
UEFI Bootkit Persistence
FW-BOOTKIT · Persistence
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

LogoFAIL → UEFI bootkit → persistent ring-0

§ What commonly comes next