Bootkitty: The First UEFI Bootkit for Linux and Its Implications for Penetration Testers

UEFI bootkits are sophisticated malware types that compromise the boot process, allowing attackers to execute malicious payloads before the operating system loads. By targeting the firmware, bootkits achieve unparalleled persistence, often evading traditional detection tools. Historically, these threats have targeted Windows systems due to their prevalence, leaving Linux systems relatively untouched—until now.
The emergence of Bootkitty underscores the increasing sophistication of attackers and their interest in diversifying targets, compelling cybersecurity professionals to revisit Linux firmware security strategies.

Bootkitty was first identified by cybersecurity researchers as a PoC UEFI bootkit engineered by a group called BlackCat. While there is no evidence of its deployment in active attacks, the malware’s design reflects the growing sophistication of threat actors targeting Linux environments. Bootkitty’s primary objectives include:
Disabling the Linux kernel’s signature verification.
Preloading unknown ELF binaries via the Linux initialisation process.

When Trust Turns to Trouble: Unveiling the Peril of Watering Hole Attacks for C-Suite Leaders

The name “watering hole” aptly reflects the attack strategy. Attackers meticulously research and identify websites – industry publications, online forums, software download portals – frequented by their target audience.

Navigating the Cybersecurity Maze: EDR, MDR, XDR – Understanding Your Options

As a C-level executive, you understand the importance of robust cybersecurity. However, choosing the proper defence can feel daunting, given the complex array of acronyms like EDR, MDR, and XDR.