HDRoot Bootkit Analysis

preview_player
Показать описание
Learn how hackers covertly loaded a malicious payload into Windows using a Master Boot Record based bootkit commonly called "HDRoot". We'll expose how their dropper installs the bootkit to the hard drive and how it transfers execution from pre-operating system boot code to backdoored service executables running in Windows. Additionally, we'll discuss the role of stolen certificates in the attack, how the dropper masqueraded as a legitimate Microsoft executable, the use of a packer to complicate reverse engineering, and some techniques which made digital forensic analysis easier. Finally, we'll share some techniques which could be used to detect and remediate this threat.

William Showalter Resources

Kaspersky Resources
  1. Tradecraft Tuesday
  2. hacking
  3. rootkit
  4. bootkit
  5. malware
  6. virus
Рекомендации по теме
HDRoot Bootkit Analysis 0:37:50

HDRoot Bootkit Analysis

TDSS Rootkit Analysis 0:14:53

TDSS Rootkit Analysis

Stoned Bootkit Demo 0:06:57

Stoned Bootkit Demo

WARNING! Bootrash Bootkit 0:01:37

WARNING! Bootrash Bootkit Impossible to Delete

DEF CON 22 0:45:39

DEF CON 22 Summary of Attacks Against BIOS and Secure Boot

MBR locker 0:03:35

MBR locker

bootkits-a.mp4 0:04:34

bootkits-a.mp4

Let's build a 3:34:51

Let's build a rootkit!

HES2015 'Complex malware 0:53:59

HES2015 'Complex malware forensics investigation' by Paul Rascagnères & Sebastien Lari...

Horse Pill: A 0:49:28

Horse Pill: A New Type of Linux Rootkit

ToorCon XX — 0:20:58

ToorCon XX — UEFI IS SCARY - Gene Erik

MBR Locker v2.0 0:15:01

MBR Locker v2.0 от подписчика

Bootkit Trance Uplifting 0:53:53

Bootkit Trance Uplifting

Winlocker Mbrloker 0:01:06

Winlocker Mbrloker

Chester Wisniewski - 1:08:13

Chester Wisniewski - Linux Under Attack - SCALE 13x

Hardening your Information 0:40:10

Hardening your Information Security: Analyzing Active Directory

mbr 0:03:48

mbr

Darkk (2015) vs 0:02:56

Darkk (2015) vs Darkk (2016) // fripSide - black bullet [Insane]