Modern Platform-Supported Rootkits

Date of Presentation: Wednesday, April 13, 2016
Quarter: 2016 Spring

Abstract - Talks on modern rootkit techniques are often presented at conferences around the world, but most of them basically update existing techniques to work with new kernel improvements. This talk goes beyond that and proposes a new approach: the use of many architectural (x86-64) capabilities to make malware resilient. Different aspects of the architecture will be explored and detailed in order to demonstrate attacker leverage against detection tools. Most of those features are widely available. Some of them are niche or fairly new enhancements. Each new idea will be discussed in isolation, with specific details demonstrated and discussed. After this talk, we expect the attendees to increase the pressure on forensics tools to provide better coverage of platform capabilities, rather than relying on the current assumptions we see.

Bio - Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation in the Security Center of Excellence, where he leads the Client Core Team. He is the Founder of the Dissect || PE Malware Analysis Project. He held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point, where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software products. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Prior to that, he worked as Senior Vulnerability Researcher at COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT), also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, the Linux kernel, and others). He has been an accepted speaker at many security and open-source related events, such as H2HC, Black Hat, Hack in The Box, XCon, OLS, Defcon, Hackito, Zero Nights, Troopers and many others.

Speaker: Rodrigo Rubira Branco
Speaker affiliation: Intel Corporation in the Security Center of Excellence