[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Researcher to demonstrate Vista attacks


By Matthew Broersma
30 April 2007

Joanna Rutkowska, a security researcher known for picking apart the 
security mechanisms built into Windows, is to demonstrate new ways for 
hackers to invade Windows Vista, including rootkit techniques and ways 
to defeat BitLocker drive encryption.

Rutkowska recently announced she will be running a training session 
called "Understanding Stealth Malware" during the Black Hat Briefings 
and Training event in Las Vegas, which runs from from 28 July to 2 

The training session, which will be co-presented by researcher Alex 
Tereshkin, promises to demonstrate new rootkits developed for Vista, 
ways of defeating hardware-based forensics systems and other techniques 
Microsoft would probably prefer the world didn't know.

Rutkowska said she, too, is aware of the need for discretion. "For 
ethical reasons we want to limit the availability of this course to only 
'legitimate' companies," she said in a post on her blog, Invisible 

Rutkowska isn't against Windows as such, but has a track record of 
ferreting out its weaknesses. She recently uncovered a number of flaws 
in Vista's much-hyped User Account Control (UAC) feature, which led 
Microsoft to declare that the feature wasn't really intended for 
security after all.

Until recently she was a researcher for Coseinc, but is now in the 
process of founding a security start-up based in Poland, she said.

Earlier this spring she demonstrated several methods that sophisticated 
rootkits can use to hide from even the most reliable detection method 
currently available - hardware-based products that read a system's RAM.

The demonstration in July will cover such methods, but will be more 
comprehensive, including unpublished techniques, implementation details, 
new code and sample rootkits.

The target will be Windows and specifically 64-bit Vista, including new 
kernel attacks against the latest 64-bit Vista builds.

"These attacks, of course, work on the fly and do not require system 
reboot and are not afraid of the TPM/BitLocker protection," she wrote.

TPM (Trusted Platform Module) refers to security systems with a hardware 
component built into the processor, designed to improve security and 
specifically to make copy-protection systems more difficult to 
circumvent. Rutkowska said the demonstrated techniques would work 
against copy-protection systems, but that this side of things wouldn't 
be specifically discussed at the demonstration.

The training is aimed at security and OS developers, forensic 
investigators and penetration testers, Rutkowska said.

Subscribe to InfoSec News