______ ____ ____ __ __ __
|_ _ `. |_ _| |_ _| [ | [ | [ |
| | `. \ ,--. _ .--..--. _ .--. \ \ / /__ _ | | _ .--. .---. _ .--. ,--. | |.--. | | .---.
| | | |`'_\ : [ `.-. .-. | [ `.-. | \ \ / /[ | | | | | [ `.-. |/ /__\\[ `/'`\]`'_\ : | '/'`\ \| |/ /__\\
_| |_.' /// | |, | | | | | | | | | | \ ' / | \_/ |, | | | | | || \__., | | // | |, | \__/ || || \__.,
|______.' \'-;__/[___||__||__][___||__] \_/ '.__.'_/[___][___||__]'.__.'[___] \'-;__/[__;.__.'[___]'.__.'
_____ _____ ________ ________ _____
|_ _||_ _||_ __ ||_ __ ||_ _|
| | | | | |_ \_| | |_ \_| | |
| ' ' | | _| _ | _| | |
\ \__/ / _| |__/ | _| |_ _| |_
`.__.' |________||_____| |_____|
An Exploitation Toolkit and Learning Platform for Unveiling and Fixing UEFI Firmware Vulnerabilities
Inspired by projects such as Damn Vulnerable Web Application and OWASP's Damn Vulnerable Web Sockets, Damn Vulnerable UEFI (DVUEFI) is designed to help guide ethical hackers, security researchers, and firmware enthusiasts in getting started with UEFI firmware security, by facilitating the exploration of vulnerabilities by example.
The DVUEFI project is engineered to simulate real-world firmware attacks, offering an environment for practicing and refining exploitation techniques.
DVUEFI is accompanied by a robust, continuously evolving catalog of documented UEFI vulnerabilities. Each entry is detailed with exploitation methods, potential impacts, and strategic mitigation recommendations, serving as both a learning tool and a reference for security practitioners.
DEVUEFI's exploitation environment is designed to be deployable on both Windows and Linux using either QEMU or VMWare Workstation Player (the free version will suffice).
To get started setting up your exploitation environment, head over to
