P. 1
John Heasman- Firmware Rootkits: The Threat to the Enterprise

John Heasman- Firmware Rootkits: The Threat to the Enterprise

Ratings: (0)|Views: 108 |Likes:
Published by White909

More info:

Published by: White909 on Dec 01, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

01/08/2014

pdf

text

original

 
FirmwareFirmwareRootkitsRootkits::
The Threat to the EnterpriseThe Threat to the Enterprise
John Heasman, Director of ResearchJohn Heasman, Director of Research
 
Agenda
Recap of ACPI BIOS rootkit and limitationsRecap of ACPI BIOS rootkit and limitations
Brief overview of the PCI BusBrief overview of the PCI Bus
Abusing expansion ROMsAbusing expansion ROMs
Abusing PXEAbusing PXE
Detection, Prevention and the TPMDetection, Prevention and the TPM
Summary and conclusionsSummary and conclusions
 
Rootkit Persistence
RootkitsRootkitson disk subject toon disk subject tocrosscross--view detectionview detection
Current rootkit detection tools consider only diskCurrent rootkit detection tools consider only disk
But many devices have firmwareBut many devices have firmware
Objectives for rootkit writer:Objectives for rootkit writer:--PersistPersistrootkitrootkitin firmwarein firmware--Automatic load before/during OS bootAutomatic load before/during OS boot--Bootstrap component on disk is cheating!Bootstrap component on disk is cheating!

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->