Bootkits: Step-by-Step

Presented at HOPE X (2014), July 20, 2014, noon (60 minutes).

Basic Input/Output System (BIOS) is firmware that boots older machines. Unified Extensible Firmware Interface (UEFI) is a combination of firmware and a boot-loader that boots newer machines. As a result of the leaks by Edward Snowden, the possible existence of rootkits that can affect the BIOS and UEFI has been widely reported. Both of these technologies exist in memory that is not typically accessible remotely, which makes infection particularly difficult. Their location is difficult to reach even for the operating system, which also makes detecting an infection at this level a difficult problem. This talk will explore all of the steps that need to take place in order to accomplish this feat, review creative measures malware has taken to tackle these problems, and review methods for detecting these kinds of infections.


Presenters:

  • Eric Koeppen
    Eric Koeppen is a member of the IBM X-Force Advanced Research Team. After graduating from Texas Tech University, he went to work for the DoD in the field of information security. Later, he left government service to become a contractor working for the Air Force, as well as other DoD customers, still in the InfoSec industry. His main areas of interest are reverse engineering (especially firmware), vulnerability research, and tool development.
