1

Can a website exploit kit theoretically contain a bootkit (it flashes your UEFI/BIOS)?

Sir Muffington

1 Answer

1

An exploit kit focuses on exploiting a certain application (typically a browser). After that, it generally downloads a second-stage payload which adds the computer to a botnet/installs ransomware/steals your banking credentials/etcetera.

As part of the later stages, it will try to gain persistence and escalate even more if possible. May one of them be attempting to flash the BIOS/UEFI? Yes.

Could it all be included in the exploit kit? Yes, although highly unlikely. That would usually be left for a later binary, in the rare case it was done at all. Note that nowadays you have a group making an exploit kit, which is sold to a different group, that infects computers and sells them to other groups with completely different goals... It's no longer the case that each group did everything on its own, from exploitation to persistence and <whatever is their goal>.

Ángel