Unmasking Malicious Bootloaders with Bootloaders.io
Introducing Bootloaders.io - a curated database of malicious bootloaders with detection rules and hash-based prevention.
Originally published on Medium
Read the full article: Unmasking Malicious Bootloaders
The Bootloader Threat
Bootkits are among the most durable persistence mechanisms an attacker can plant:
- They execute before the OS kernel loads, so they can tamper with the kernel and its security checks before any endpoint agent starts
- They survive OS reinstalls that leave the EFI System Partition or the firmware itself untouched
- They are difficult to detect from inside the running OS, which is already compromised by the time it boots
- They provide complete control of the system, from firmware through kernel to user land
What is Bootloaders.io?
Bootloaders.io catalogs known malicious bootloaders with:
- File hashes
- Detection rules
- Technical analysis
- Mitigation guidance
Featured Threats
BlackLotus
The first in-the-wild UEFI bootkit seen bypassing UEFI Secure Boot on fully patched Windows 11 systems, disclosed by ESET in 2023. It exploits CVE-2022-21894 ("Baton Drop") in older, still-signed Windows boot managers; because those binaries had not been added to the UEFI revocation list (DBX), the OS patch alone did not stop them from loading.
ESPecter
UEFI bootkit documented by ESET in 2021. It persists by patching the Windows Boot Manager (bootmgfw.efi) on the EFI System Partition rather than the firmware, and its lineage traces back to a legacy BIOS MBR bootkit from 2012.
MosaicRegressor
UEFI firmware implant disclosed by Kaspersky in 2020, built on the leaked Hacking Team VectorEDK code and one of the first documented in-the-wild UEFI firmware attacks (only LoJax, in 2018, preceded it). Because it lives in SPI flash rather than on disk, disk-based hash scans see only the user-mode stage it drops into the Windows Startup folder.
Detection Strategies
Hash-Based Detection
Hash every file on the EFI System Partition (mount it first: mountvol S: /S on Windows, usually /boot/efi on Linux) and compare the digests against the catalog's known-bad hashes. This catches known samples only; a recompiled or repacked variant produces a new hash.
Integrity Monitoring
Baseline the hashes of boot components (ESP files, and firmware where the platform lets you read it) on a known-good system and alert on any file that is added, removed or modified. This also catches unknown variants, at the cost of re-baselining after legitimate boot manager updates.
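The two strategies above, as an added example written for this page rather than code from Bootloaders.io: a Python scan that hashes every file under an EFI System Partition root, matches the digests against a known-bad list, and diffs the tree against a baseline taken earlier. The sample ESP tree, its file contents and the hash list are all constructed for the demo; to use the functions for real, point them at a mounted ESP and load the catalog's hashes into the bad_hashes dictionary.

```python
"""Hash-based and baseline-diff scan of an EFI System Partition tree.

Added example, not Bootloaders.io code. The sample ESP tree, its file contents
and the known-bad hash list are constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large images do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def esp_files(root: Path):
    """Yield every regular file under the ESP root.

    Every file is hashed, not only *.efi: a bootkit is free to name its
    loader anything the firmware or a patched boot manager will chainload.
    """
    for p in sorted(root.rglob("*")):
        if p.is_file():
            yield p


def scan_known_bad(root: Path, bad_hashes: dict) -> list:
    """Return a hit record for every ESP file whose SHA-256 is in bad_hashes."""
    hits = []
    for p in esp_files(root):
        digest = sha256_file(p)
        if digest in bad_hashes:
            hits.append({"path": p.relative_to(root).as_posix(),
                         "sha256": digest,
                         "family": bad_hashes[digest]})
    return hits


def build_baseline(root: Path) -> dict:
    """Map each ESP-relative path to its SHA-256 (take this on a known-good system)."""
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in esp_files(root)}


def diff_baseline(root: Path, baseline: dict) -> dict:
    """Report files added, removed or modified since the baseline was taken."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in current.keys() & baseline.keys()
                           if current[k] != baseline[k]),
    }


def demo() -> tuple:
    """Build a constructed ESP, baseline it, 'infect' it, then run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ms_boot = root / "EFI" / "Microsoft" / "Boot"
        ms_boot.mkdir(parents=True)
        (root / "EFI" / "Boot").mkdir(parents=True)
        # Constructed stand-ins for the Windows Boot Manager and the fallback loader.
        bootmgfw = ms_boot / "bootmgfw.efi"
        bootmgfw.write_bytes(b"MZ constructed clean boot manager")
        (root / "EFI" / "Boot" / "bootx64.efi").write_bytes(b"MZ constructed fallback loader")
        baseline = build_baseline(root)

        # Simulate an ESP-resident bootkit: the boot manager is replaced and a
        # second loader is dropped next to it. Contents are constructed.
        evil = b"MZ constructed malicious boot manager"
        bootmgfw.write_bytes(evil)
        (ms_boot / "dropped.efi").write_bytes(b"MZ constructed dropped stage")

        # Constructed known-bad list, in the shape a catalog lookup would return.
        bad_hashes = {hashlib.sha256(evil).hexdigest(): "constructed-sample"}

        hits = scan_known_bad(root, bad_hashes)
        changes = diff_baseline(root, baseline)
    return hits, changes


if __name__ == "__main__":
    hits, changes = demo()
    for hit in hits:
        print(f"KNOWN-BAD {hit['path']} sha256={hit['sha256']} ({hit['family']})")
    for kind, paths in changes.items():
        for path in paths:
            print(f"{kind.upper():8s} {path}")
```

The demo is arranged so the two checks disagree on purpose: the replaced boot manager is in the hash list and is flagged by both, while the dropped second loader has no catalog entry and is reported only by the baseline diff. That is the practical argument for running both. Run the scan from outside the suspect OS where you can (a recovery environment or a second machine reading the disk), since a bootkit that has already started can interfere with what the running OS reports about its own ESP.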
Secure Boot Events
Monitor Windows Event ID 1033 for Secure Boot violations. Pair it with a check that Secure Boot is actually enabled (Confirm-SecureBootUEFI in PowerShell) and that the UEFI revocation database (DBX) is current: BlackLotus loaded boot managers that were validly signed and not yet revoked, so a Secure Boot that still trusts stale binaries reports no violation at all.
Get Involved
Contribute to Bootloaders.io and help defend against firmware threats.