The Evolution of Advanced Threats: REsearchers Arms Race

Alex Matrosov

The evolution of defensive software is tightly coupled to the evolution of the modern threat landscape. Each new iteration focuses on closing specific gaps in detection methods or data-collection algorithms. The main direction of advanced threats such as rootkits and bootkits has been toward persistence mechanisms that sit closer to the firmware and hardware levels. While modern operating systems add mitigations that raise the cost of exploitation and malware persistence, advanced threat actors are already looking ahead to the next-lowest level of persistence.

This talk looks, through the evolutionary prism of advanced threats, at the evolution (or lack of evolution) of tools for forensics and reverse engineering. We will examine modern platform security gaps and look for solutions that improve auditing visibility and keep advanced threat actors from gaining a foothold at platform levels where no security sensors exist.