Dailydave mailing list archives
Re: Rootkit Detection - No Worries
From: Adam Shostack <adam () homeport org>
Date: Tue, 28 Jun 2005 12:57:45 -0400
On Tue, Jun 28, 2005 at 03:03:37PM +0100, Steve Wilson wrote: | Now, rootkits aren't really my thing, so feel free to point and laugh | - - but I seem to recall there being discussion during Greg Hoglund and | Jamie Butler's rootkit training course at Blackhat last year re: | infecting hardware (or, more to the point flashable firmware type | stuff) such that malicious code could survive warm reboots, cold | reboots and even hard drive reformatting/replacement. I've heard some | other random discussions and anecdotal evidence to suggest that this | might be possible. | | Sadly, I have neither the spare time, nor the hands-on | hardware/firmware experience to know just how realistic a scenario | this is. Is anyone on-list looking in detail at this sort of stuff? | Is it realistic, or more science-fiction based? I, for one, would | love to know. :-) The last chapter of Hoglund & McGraw 'Exploiting Software' covers ways to do this. I'd also look at the Dornsief and Maynor presentations on Firewire at Cansecwest this year. Adam _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Rootkit Detection - No Worries Gage (Jun 19)
- RE: Rootkit Detection - No Worries Steve Wilson (Jun 28)
- Re: Rootkit Detection - No Worries Adam Shostack (Jun 28)
- RE: Rootkit Detection - No Worries Mark (Jun 29)
- RE: Rootkit Detection - No Worries Steve Wilson (Jun 28)