This project is part of the Black Hat USA research "Booting into Breaches: Hunting Windows SecureBoot's Remote Attack Surfaces". It helps you check whether your system is affected by the 32 SecureBoot vulnerabilities discovered by Azure Yang and patched in 2024. The tool collects anonymous data for presentation in the final Black Hat talk.
SecureBoot, designed to protect against firmware-level tampering, has long been dismissed as a "local-only" attack surface. This research shatters that assumption, exposing systemic flaws that enable remote exploitation of SecureBoot—culminating in Pre-Auth RCE on fully patched systems. With 32 CVEs discovered and fixed in Microsoft's SecureBoot implementation, we reveal how attackers can weaponize bootloader components (network stacks, BCD registries, filesystems) to bypass critical security guarantees.