In this paper, the authors provide an in-depth analysis of the
Not-Too-Safe Boot technique, which has been designed to bypass
Endpoint Security Solutions like antivirus (AV), endpoint detection
and response (EDR) and anti-tampering mechanisms remotely. This
method builds on a local execution technique first published in
2007 and later utilized in a real world scenario by a ransomware in
2019.
Read more https://packetstormsecurity.com/files/172393/ZDZ.Not-Too-Safe-Boot.pdf