Horse Pill: A New Type of Linux Rootkit
by Michael Leibowitz
What if we took the underlying technical elements of Linux containers and used them for evil? The result is a new kind of rootkit, which is even able to infect and persist in systems with UEFI secure boot enabled, thanks to the way almost every Linux system boots. This works without a malicious kernel module and therefore works when kernel module signing is used to prevent loading of unsigned kernel modules. The infected system has a nearly invisible backdoor that can be remotely controlled via a covert network channel.
Hope is not lost, however! Come to the talk and see how the risk can be eliminated/mitigated. While this may poke a stick in the eye of the current state of boot security, we can fix it!
Video: Horse Pill: A New Type of Linux Rootkit, from the Black Hat channel