A forum for reverse engineering, OS internals and malware analysis 

 #23341  by kareldjag/michk
 Fri Jul 11, 2014 3:34 pm
Hi,

A possible evolution in bootkit subversion and masquerading.
The slides from the Amsterdam conf.: http://haxpo.nl/wp-content/uploads/2014 ... isited.pdf

Possible attacks to bypass Secure Boot: http://haxpo.nl/wp-content/uploads/2014 ... e-Boot.pdf

The source: https://github.com/sogeti-esec-lab/REBoot

Already exists via NSA.

Rgds
 #23342  by EP_X0FF
 Fri Jul 11, 2014 4:53 pm
The problem of loading unsigned drivers on x64 was solved five years ago. No need for this trash. Ironically, if I now go to a computer shop to buy new hardware, it will all be totally immune to this.
 #23408  by kareldjag/michk
 Fri Jul 18, 2014 7:59 pm
Hi,

The idea was to find a general method that applies to all Windows systems.
Limited OS interaction attacks can also be applied for defense.
From a forensic perspective, it is an interesting method for defeating HD encryption.
The two commercial solutions currently available take advantage of the implementation of encryption solutions together with Windows "weaknesses" (hibernation file, memory remanence, Evil Maid attack).
Even the company that wants to save the world agrees with a solution that takes advantage of the pre-OS phase:
http://securelist.com/blog/research/637 ... m-startup/

I do not call this demo "trash" ;), even for a more basic project like TinyXPB, a bootkit demo designed for XP:
https://github.com/MalwareTech/TinyXPB
http://fr.scribd.com/doc/217533462/Tiny ... it-Bootkit

Rgds