The Evolution of Advanced Threats: Researchers' Arms Race
The evolution of defensive software is closely tied to the evolution of the modern threat landscape. Each new iteration focuses on closing specific gaps in detection methods or data collection algorithms. The main direction of advanced threats such as rootkits and bootkits has been to gain persistence closer to the firmware and hardware levels. While modern operating systems are building mitigations that raise the cost of exploitation and malware persistence, advanced threat actors are already looking ahead to the next-lowest level of persistence.
This talk looks through the evolutionary prism of advanced threats at the evolution—or lack of evolution—of tools for forensics and reverse engineering. During the talk, we will examine modern platform security gaps, seeking solutions that improve auditing visibility and prevent advanced threat actors from gaining a foothold at platform levels where no security sensors exist.
- Matrosov, Rodionov & Bratus, Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (2019)
- Modern Secure Boot Attacks: Bypassing Hardware Root of Trust from Software: slides · video (OffensiveCon 2019)
- Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller (Blackhat 2019)
- UEFI Firmware Rootkits: Myths and Reality (Blackhat 2017)
- Betraying the BIOS: Where the Guardians of the BIOS are failing: slides · video (Blackhat 2017)