Modern Platform-Supported Rootkits presented at Troopers 2015

by Rodrigo Rubira Branco, Gabriel Negreira Barbosa

Summary: Talks on modern rootkit techniques are often presented at conferences around the world, but most of them basically update existing techniques to work with new kernel improvements. This talk goes beyond that and proposes a new approach: the use of many architectural (x86-64) capabilities in order to build resilient malware. Different aspects of the architecture are explored and detailed in order to demonstrate the leverage an attacker gains against detection tools. Most of those features are widely available; some are niche or fairly new enhancements. Each new idea is discussed in isolation, with specific details demonstrated and discussed. After this talk, we expect the attendees to increase the pressure on forensics tools to provide better coverage of platform capabilities, instead of the current assumptions we see.