Full Disclosure mailing list archives
Re: SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)
From: "<...>" <massimo () grandmedia si>
Date: Thu, 22 Jun 2006 16:31:03 +0200
i wonder if joanna knows how much free consultancy she is giving to MS doing this on the beta 2 kernel----- Original Message ----- From: "thomas48" <thomas48 () singnet com sg> To: <security-basics () securityfocus com>; <firewalls () securityfocus com>; <full-disclosure () lists grok org uk>; <bugtraq () securityfocus com>; <focus-ids () securityfocus com>; <newslist () security-briefings com>; <forensics () securityfocus com>; <vuln-dev () securityfocus com>; <webappsec () securityfocus com>
Cc: <organiser () syscan org> Sent: Sunday, June 18, 2006 4:36 PMSubject: SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)
This is a brand new presentation and its going public for the very first time in SyScan'06.Joanna Rutkowska, a senior researcher of COSEINC Research, will present her latest technique in bypassing and attacking the latest Mircosoft Vista operating system kernel.The presentation will first present how to generically (i.e. not relaying on any implementation bug) insert arbitrary code into the latest Vista Beta 2 kernel (x64 edition), thus effectively bypassing the (in)famous Vista policy for allowing only digitally singed code to be loaded into kernel. The presented attack does not requite system reboot.Next, creation of Stealth by Design malware for Vista x64 will be briefly discussed. This will be the base for introducing the new approach (codenamed 'blue pill') for writing undetectable malware on the latest AMD64 processors. The ultimate goal is to demonstrate that is possible (or soon will be) to create an undetectable malware which is not based on a concept, but, similarly to modern cryptography, on the strength of the 'algorithm'.A working blue pill will be demonstrated. Please visit www.syscan.org for more.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista) thomas48 (Jun 18)
- Re: SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista) <...> (Jun 22)