John Heasman- Firmware Rootkits: The Threat to the Enterprise

Published by: White909 on Dec 01, 2011
Copyright:Attribution Non-commercial

01/08/2014


Scan all ROMs in system memory

-- Can use /device/PhysicalMemory prior to Win2k3 SP1
-- Though better to do this from kernel anyway

Disassemble ROM and ask:

-- Is it a known good image?
-- Which interrupts does it hook?
-- Does it contain 32-bit code?
-- Any suspicious strings or addresses?
-- What does it actually do?
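
One way to carry out the first two checks above (find every option ROM in a memory dump, then ask whether each is a known good image), as an added example that is not from the original slides. It assumes a raw dump of the legacy ROM window starting at 0xC0000 and a caller-supplied set of known-good SHA-256 digests; the function names and the sample ROM are constructed for illustration.

```python
import hashlib
import struct

ROM_BASE = 0xC0000   # assumed start of the dumped legacy option ROM window
ROM_STEP = 0x800     # legacy ROM headers sit on 2 KB boundaries

def scan_option_roms(region, known_good=frozenset()):
    """Describe every option ROM image found in a dump of the ROM window."""
    found, off = [], 0
    while off + 3 <= len(region):
        size = region[off + 2] * 512          # length byte is in 512-byte units
        if (region[off:off + 2] != b"\x55\xaa" or size == 0
                or off + size > len(region)):
            off += ROM_STEP
            continue
        image = bytes(region[off:off + size])
        digest = hashlib.sha256(image).hexdigest()
        info = {
            "address": ROM_BASE + off,
            # Format sanity only: anyone modifying a ROM can fix up the checksum.
            "checksum_ok": sum(image) % 256 == 0,
            "sha256": digest,
            "known_good": digest in known_good,   # the actual integrity check
            "pci_id": None,
        }
        # Offset 0x18 points at the PCI Data Structure ("PCIR") if present.
        pcir = struct.unpack_from("<H", image, 0x18)[0]
        if pcir + 8 <= size and image[pcir:pcir + 4] == b"PCIR":
            info["pci_id"] = struct.unpack_from("<HH", image, pcir + 4)
        found.append(info)
        off += -(-size // ROM_STEP) * ROM_STEP    # resume at next 2 KB boundary
    return found

def build_sample_rom(vendor=0x1234, device=0x5678, blocks=4):
    """Constructed 2 KB test image, not a real device ROM."""
    rom = bytearray(blocks * 512)
    rom[0:3] = bytes([0x55, 0xAA, blocks])
    struct.pack_into("<H", rom, 0x18, 0x40)
    rom[0x40:0x44] = b"PCIR"
    struct.pack_into("<HH", rom, 0x44, vendor, device)
    rom[-1] = -sum(rom) % 256                     # make the byte sum zero mod 256
    return bytes(rom)

if __name__ == "__main__":
    good = build_sample_rom()
    dump = bytearray(0x8000)
    dump[0:len(good)] = good
    for rom in scan_option_roms(dump, {hashlib.sha256(good).hexdigest()}):
        print(hex(rom["address"]), rom["known_good"], rom["pci_id"])
```

Images that fail the known-good comparison are the ones to take forward to disassembly for the remaining questions on the slide.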
