Damn Vulnerable UEFI (DVUEFI) - плейграунд uefi

[weaver]

Damn Vulnerable UEFI (DVUEFI): An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities

Description

Inspired by projects such as Damn Vulnerable Web Application and OWASP's Damn Vulnerable Web Sockets, Damn Vulnerable UEFI (DVUEFI) is designed to help guide ethical hackers, security researchers, and firmware enthusiasts in getting started with UEFI firmware security, by facilitating the exploration of vulnerabilities by example. The DVUEFI project is engineered to simulate real-world firmware attacks, offering an environment for practicing and refining exploitation techniques. DVUEFI is accompanied by a robust, continuously evolving catalog of documented UEFI vulnerabilities. Each entry is detailed with exploitation methods, potential impacts, and strategic mitigation recommendations, serving as both a learning tool and a reference for security practitioners.

blackhat.com/us-24/arsenal/schedule/index.html#damn-vulnerable-uefi-dvuefi-an-exploitation-toolkit-and-learning-platform-for-unveiling-and-fixing-uefi-firmware-vulnerabilities-39058

На BlackHat USA Arsenal 2024 - был представлен проект "Damn Vulnerable UEFI" для моделирования реальных атак на прошивки, предлагая среду для оттачивания навыков эксплуатации уязвимостей в uefi. Проект по аналогии похож на HEVD, но с упором на UEFI.

Сам проект живет по адресу
https://github.com/hacking-support/DVUEFI