Rootkit for Windows 7 (x64) ?

Discussion in 'other security issues & news' started by tgell, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. tgell

    tgell Registered Member

    Nov 12, 2004
    Hack-in-the-Box Dubai 2009
    Vbootkit 2.0: Attacking Windows 7 via Boot Sectors

    This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:

    () Windows 7 Boot architecture
    () Vbootkit 2.0 architecture and inner workings
    () insight into the Windows 7 minkernel

    We will also demonstrate:

    () The use of Vbootkit in gaining access to a system without leaving traces
    () Leveraging normal programs to escalate system privileges
    () Running unsigned code in kernel
    () Remote command & Control

    All this is done, without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.

    See you in Dubai
  2. Arup

    Arup Guest

    And I thought x64 was invincible from this sort of things, the patchguard from MS should be able to block most attacks but I guess, even that has been circumvented.
  3. Lucy

    Lucy Registered Member

    Apr 25, 2006
    The tool uses a privilege excalation of Vista by mean of modified boot sector.

    Well, it might be only a vulnerability which will be eventually remove. It doesn't look like a giant hole "by design"...

    Privilege escalation is the worse thing for any system as it gives access to the rights of the level reached.
  4. controler

    controler Guest

    The only way this could survive reboot is if it is attached to hardware in some way.
Thread Status:
Not open for further replies.