Dailydave mailing list archives

Re: Rootkit Detection - No Worries


From: Adam Shostack <adam () homeport org>
Date: Tue, 28 Jun 2005 12:57:45 -0400

On Tue, Jun 28, 2005 at 03:03:37PM +0100, Steve Wilson wrote:
| Now, rootkits aren't really my thing, so feel free to point and laugh
| - but I seem to recall there being discussion during Greg Hoglund and
| Jamie Butler's rootkit training course at Blackhat last year re:
| infecting hardware (or, more to the point flashable firmware type
| stuff) such that malicious code could survive warm reboots, cold
| reboots and even hard drive reformatting/replacement. I've heard some
| other random discussions and anecdotal evidence to suggest that this
| might be possible. 
|
| Sadly, I have neither the spare time, nor the hands-on
| hardware/firmware experience to know just how realistic a scenario
| this is. Is anyone on-list looking in detail at this sort of stuff?
| Is it realistic, or more science-fiction based? I, for one, would
| love to know. :-)

The last chapter of Hoglund & McGraw 'Exploiting Software' covers ways
to do this.

I'd also look at the Dornseif and Maynor presentations on FireWire at
CanSecWest this year.

Adam