How to check Black lotus bootloader is infected in ESP partition files and other files in Windows partition.

  • Thread starter Thread starter RAJU.MSC.MATHEMATICS
  • Start date Start date
R

RAJU.MSC.MATHEMATICS

Guest
Technical type: Intermediate Summary:BlackLotus writes malicious bootloader files to the EFI system partition (ESP) and subsequently locks them to protect them from deletion or tampering.If recently modified and locked files are identified in the ESP on a device, especially those matching known BlackLotus bootloader filenames, these should be considered highly suspect and the devices should be removed from the network to be examined for further evidence of BlackLotus or follow-on activityIn this article, I will explain how to check whether the files are infected or not 1. Open the Command Prom

Continue reading...
 
You must log in or register to reply here.

Similar threads

R
How to check Black lotus bootloader is infected in ESP partition files and other files in Windows partition.
Replies
0
Views
15
RAJU.MSC.MATHEMATICS
R
R
Deducting and preventing Blacklotus bootkit injected files in to EFI partition and inside Windows 11 and Windows 10.
Replies
0
Views
3
RAJU.MSC.MATHEMATICS
R
Back
Top