Posts

Revisiting LoJax: The First UEFI Rootkit Found in the Wild

Lessons from Firmware-Level Attacks on Modern Platforms

“To understand the immeasurable, the mind must be extraordinarily quiet, still.” — Jiddu Krishnamurti

Seeker (李标明) · @clibm079
China · Independent Malware Analyst & Researcher
From 2025.12.3 to 2025.12.17

Prologue: Ever climbing, with poetry to mark the rhythm

Last time, at the end of the article titled “Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations,” I had noted LoJax, the first UEFI firmware rootkit found in the wild, in 2018. Before that, I had consciously collected some relevant malware samples, but I found it very hard to analyze them directly. Later, in the course of my malware research, I had already come to understand the basics of the kernel, ATA IOCTLs, IRPs, loaders, and VM-based techniques...

PE-bear: The Art of Intuitive Malware Analysis

How Visual Design Turns the ‘First View’ into Actionable Insights for Reverse Engineering

“To understand the immeasurable, the mind must be extraordinarily quiet, still.” — Jiddu Krishnamurti

Seeker (李标明) · @clibm079
China · Independent Malware Analyst & Researcher
From 2025.11.14 to 2025.11.21

Prologue: document the insights I gained

Last time, I published an article titled “Revisiting SubVirt & Blue Pill: From Attacker Proof-of-Concepts to Defensive Foundations.” Somewhere along the way, I noticed my hair turning gray faster than expected—a reminder of the pressure that comes with this path, and something I’ve gradually learned to manage.

In the world of malware research, I sometimes feel like a mountaineer: constantly climbing, constantly adapting, and always facing the next challenging peak. ...