BoutiqueKit: Playing WarGames with expensive rootkits and malware

DEF CON 21

Presented by: Josh Thomas (m0nk)
Date: Saturday August 03, 2013
Time: 12:00 - 12:45
Location: Track 2
Track: Track 2

"Theoretical" targeted rootkits need to play by different rules than the common malware that ends up filling our inboxes with spam and attempting to steal our CC numbers... The costs involved of getting popped are huge in comparison, the value is in the secrecy of being truly hidden and embedded for the long term.

I've spent the past year considering what the next level of rootkits would look like and how we can protect ourselves against them. This talk will cover a handful of advanced hiding mechanisms at a technical level. The talk will also touch on legal implications and existing frameworks for expensive advanced threats.

Josh Thomas

Josh 'm0nk' Thomas (@m0nk_dot) Security researcher, mobile phone geek, mesh networking evangelist and general breaker of things electronic. Typical projects of interest span the hardware / software barrier and rarely have a UI. m0nk has spent the last year or two digging deep into Android and iOS internals, with a major focus on both the network stack implementation and the driver and below hardware interfaces. He uses IDA more frequently than Eclipse (and a soldering iron more than both). His life dreams are to ride a robot unicorn on a moonlit beach and make the world a better place, but mostly the unicorn thing... Josh is currently employed by the nice people @ Accuvant LABS and the very mean people @ MonkWorks, LLC.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats