Is there an EFI monster inside your apple? fG! @ SyScan360 2015 Who am I? §  An Economist. §  Who loves Human Behavior. §  And politics. §  Oh, and a bit of computers. EFI Monsters? §  Introduction to EFI. §  How to §  Reverse engineer (U)EFI binaries. §  Search for (U)EFI rootkits. Assumptions §  Reference machine §  MacBook Pro Retina 10,1. §  64-bit only OS X versions. §  Sandy Bridge or newer. Why EFI? §  BIOS replacement. §  Initially developed by Intel. §  http://www.intel.com/content/www/us/en/ architecture-and-technology/unified-extensible- firmware-interface/efi-specifications-general- technology.html §  Now UEFI, managed by UEFI consortium. §  http://www.uefi.org Why EFI? §  Initializes your machine. §  Access to low level features. §  Modular. §  Feature rich. §  Rather easy development in C.