Modern Platform-Supported Rootkits

March 18, 2015 (at 2:30 p.m.) in Attack & Research

Talks on modern rootkit techniques are often presented at conferences around the world, but most of them basically update existing techniques to work with new kernel improvements. This talk goes beyond that and proposes a new approach: the use of many architectural (x86-64) capabilities in order to build resilient malware. Different aspects of the architecture are going to be explored and detailed in order to demonstrate attacker leverage against detection tools. Most of those features are widely available. Some of them are niche or fairly new enhancements. Each new idea will be discussed in isolation, with specific details demonstrated and discussed. After this talk, we expect the attendees to increase the pressure on forensics tools to provide better coverage of platform capabilities, instead of the current assumptions we see.

Gabriel Barbosa

Gabriel Negreira Barbosa works as a security researcher at Intel. Before that, he worked as a security researcher at the Qualys Vulnerability & Malware Research Labs (VMRL). He received his MSc from Instituto Tecnológico de Aeronáutica (ITA), where he also worked on security projects for the Brazilian government and Microsoft Brazil.

Rodrigo Branco

Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. He has held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point, where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software products. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Before that, he worked as Senior Vulnerability Researcher at COSEINC, as Principal Security Researcher at Scanit, and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT), also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of the Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (such as ebizzy, the Linux kernel, and others). He has been an accepted speaker at many security and open-source related events, such as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.