As endpoint security tools improve, attackers target lower level firmware components to evade detection. This demo shows how malware targeting UEFI firmware, such as Black Lotus, can evade Windows device security features and EDR Vendor 1, and give attackers stealthy and persistent access to systems.
