Bootloaders.io
A curated list of known malicious bootloaders for various operating systems. Track and catalog bootloader threats with detection rules and hash prevention.
curl -s https://www.bootloaders.io/api/bootloaders.json | jq
⚠ The Problem
Malicious bootloaders and bootkits operate below the OS level, making them extremely difficult to detect and remove. Security teams need visibility into known malicious bootloaders to protect their systems.
✓ The Solution
Bootloaders.io provides a comprehensive database of known malicious bootloaders with Sigma rules, YARA signatures, and hash-based prevention strategies.
⚡ Impact
Helps organizations identify and block malicious bootloaders before they can compromise system integrity at the firmware level.
Overview
Bootloaders.io is a community-driven project cataloging known malicious bootloaders. Part of the MagicSword.io family of security projects.
Features
- Malicious Bootloader Database: Comprehensive list of known threats
- Detection Rules: Sigma and YARA rules for detection
- API Access: JSON and CSV exports for integration
- Hash Prevention: Block known malicious bootloaders by hash
Why Bootloaders Matter
Bootloaders execute before the OS loads, giving attackers:
- Persistence that survives OS reinstalls
- Ability to hide from security software
- Control over the entire boot process
Credit
Co-founded by Michael Haag. Part of the MagicSword.io family.