Can a website exploit kit theoretically contain a bootkit (it flashes your UEFI/BIOS)?
1 Answer
An exploit kit focuses on exploiting a certain application (typically a browser). After that it generally downloads a second stage payload which adds the computer to a botnet/installs ransomware/steals your banking credentials/et cetera.
As part of the later stages, it will try to gain persistence and escalate even more if possible. May one of them be attempting to flash the BIOS/UEFI? Yes.
Could it all be included in the exploit kit? Yes, although highly unlikely. That would usually be left for a later binary, in the rare case it was done at all. Note that nowadays you have a group developing an exploit kit, which is sold to a different group, that infects computers and sells them to other groups with completely different goals... It's no longer the case that each group does everything on its own, from exploitation to persistence and <whatever is their goal>.
- And what? The suspension is killing me! – Sir Muffington Oct 22 '19 at 18:28
- Thanks for the heads up @SirMuffington. The end was in the source but not being rendered – Ángel Oct 23 '19 at 04:55