blockedlist format unclear, newer findings missing #1830
The logic is that any criteria listed in the bracket is treated as an AND. To flag a match, all criteria have to match: name, GUID, hash, etc. The downside is if you're off on one, the tool won't flag it. Sometimes less is more, but the ability is there to refine the search.
The blockedlist, chipsec/modules/tools/uefi/blockedlist.json, is a JSON file. Looking at it, the structure is unclear; compare the following:

and

Suggestion: Always have both `name` and `guid` in every entry under `match`. That makes the structure uniform.

Originally, I just wanted to add Black Lotus:
https://github.com/binarly-io/FwHunt/blob/main/rules/Threats/BlackLotusBootkit.yml

There are some more known malicious binaries that should be added; see the Threats directory in Binarly's repository.
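The AND semantics described in the comment above, together with the suggested uniform `match` structure, as an added Python example (not chipsec's own code): the entry layout with `name`, `guid` and `sha256` keys under `match` and the sample entries are assumptions, since the page does not show the real entries.

```python
from typing import Dict, List

# Constructed sample entries; the real blockedlist.json layout is not shown here.
BLOCKEDLIST: List[Dict] = [
    {
        "description": "constructed entry A: name, guid and sha256 all required",
        "match": {
            "name": "EvilBootDxe",
            "guid": "11111111-2222-3333-4444-555555555555",
            "sha256": "aa" * 32,
        },
    },
    {
        "description": "constructed entry B: GUID only, so it matches more broadly",
        "match": {"guid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
    },
]

# GUIDs and hex digests compare case-insensitively; module names compare exactly.
CASE_INSENSITIVE = {"guid", "sha256"}


def criterion_matches(key: str, expected: str, actual: str) -> bool:
    if key in CASE_INSENSITIVE:
        return expected.lower() == actual.lower()
    return expected == actual


def entry_matches(entry: Dict, module: Dict[str, str]) -> bool:
    """True only if every criterion under 'match' holds (logical AND).

    An entry with no criteria is treated as non-matching, not as a wildcard,
    so a malformed entry cannot flag every module on the system.
    """
    criteria = entry.get("match", {})
    if not criteria:
        return False
    for key, expected in criteria.items():
        actual = module.get(key)
        if actual is None or not criterion_matches(key, expected, actual):
            return False  # one wrong or missing field suppresses the flag
    return True


def flagged(module: Dict[str, str], blockedlist: List[Dict] = BLOCKEDLIST) -> List[str]:
    """Descriptions of all blockedlist entries that flag this module."""
    return [e["description"] for e in blockedlist if entry_matches(e, module)]
```

Entry B shows the trade-off from the comment: fewer criteria catch renamed or rebuilt copies, while entry A stays silent as soon as one field differs.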