
PreOS Boot is one of the advanced techniques under the Persistence tactic. In this article, we introduce this technique, which attackers use to keep their access stable.

  • MITRE ATT&CK ID: T1542
  • Sub-techniques: T1542.001, T1542.002, T1542.003, T1542.004, T1542.005
  • Tactics: Defense Evasion, Persistence
  • Platforms: Linux, Network, Windows, macOS
  • Defense Bypassed: Anti-virus, File monitoring, Host intrusion prevention systems

What Is Persistence in CyberSecurity?

Persistence is one of the tactics used in intrusions and penetration tests. It comes into play once an attacker has gained access to a system or network and deployed the malicious components they want. To avoid losing access to the target system or network, they use techniques that keep that access alive for longer.

What Is PreOS Boot Tactic? 

Note that the PreOS Boot technique is one of the most widely used and popular methods for attackers and malware to keep their access stable, because in addition to providing Persistence it is also one of the Defense Evasion techniques. Through this technique, the attacker runs the malware or access mechanism at a layer below the operating system: the malicious code and the attacker's access are loaded before the operating system boots. This is done through the platforms that run before the operating system, which include the BIOS and UEFI.

The PreOS Boot sub-techniques are:

  • System Firmware
  • Component Firmware
  • Bootkit
  • ROMMONkit
  • TFTP Boot

How to protect your system against PreOS Boot attacks?

One of the most widely used mitigations is Boot Integrity. With this mitigation, we use tools and platforms that boot the system securely; it covers several related entries, including

  • Firmware Corruption
  • Modify System Image
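As an added illustration of the Boot Integrity mitigation (this is example code, not from the original article): a small check for a Linux UEFI host that reads the firmware's SecureBoot variable and compares SHA-256 hashes of the EFI System Partition against a recorded baseline, so a replaced or planted bootloader shows up as drift. The ESP mount point and baseline path are assumptions.

```python
# Added example (not from the article): Boot Integrity check for a Linux UEFI host.
# Reads the UEFI SecureBoot variable and diffs SHA-256 hashes of the EFI System
# Partition against a recorded baseline, so a replaced or planted bootloader shows up.
import hashlib
import json
from pathlib import Path
from typing import Dict, List, Optional

# EFI_GLOBAL_VARIABLE GUID; efivarfs stores 4 attribute bytes before the variable data.
SECUREBOOT_VAR = Path("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
ESP = Path("/boot/efi")                          # assumed mount point of the ESP
BASELINE = Path("/var/lib/boot-baseline.json")  # assumed location of the recorded baseline

def secure_boot_enabled(var_path: Path = SECUREBOOT_VAR) -> Optional[bool]:
    """True/False for the firmware's Secure Boot state; None if not UEFI or unreadable."""
    try:
        data = var_path.read_bytes()
    except OSError:
        return None
    return len(data) >= 5 and data[4] == 1

def hash_tree(root: Path) -> Dict[str, str]:
    """SHA-256 of every regular file under root, keyed by path relative to root."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_baseline(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift: modified bootloaders, new (possibly planted) files, removed files."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def check_boot_integrity(esp: Path = ESP, baseline_file: Path = BASELINE) -> Dict[str, object]:
    """Record a baseline on first run; afterwards report Secure Boot state and ESP drift."""
    current = hash_tree(esp)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))
        return {"secure_boot": secure_boot_enabled(), "baseline_created": True}
    drift = compare_baseline(json.loads(baseline_file.read_text()), current)
    clean = not any(drift.values())
    return {"secure_boot": secure_boot_enabled(), "baseline_created": False,
            "clean": clean, "drift": drift}

if __name__ == "__main__":
    print(json.dumps(check_boot_integrity(), indent=2))
```

Run it once right after a trusted install to record the baseline, then on a schedule; any entry under "modified" or "added" on the ESP deserves a look, and a Secure Boot state of False or None means the firmware is not enforcing signature checks on the bootloader.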

