Dailydave mailing list archives

Re: Nitin Kumar & Vipin Kumar: "please remember to give necessary credit to the authors" PKB.


From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 26 Apr 2007 22:39:27 +0100

On 26 April 2007 22:29, Joanna Rutkowska wrote:

> If I'm mistaken and if this attack worked indeed on Vista with
> Bitlocker/TPM enabled, then it would be a *very* nice piece of work! But
> it clearly seems it does not...

  I can't say for certain, but I don't see them claiming to have defeated it,
so I think you're most likely right.

> Personally I prefer attacks which allow one to get into kernel on the
> fly, without reboot ;)

  Heh, I have the facilities available to me to write custom USB devices.
I've managed to make the kernel divide by zero entirely accidentally, but I
haven't had time to try finding an exploitable overflow.  I just *know* they
must be there, though.

> Still, however, I must say I very much enjoyed
> the work by Derek Soeder and also later by John Heasman -- please note
> however that they did not present it as "kernel compromising attacks",
> but rather as "persistence technology for malware"...

  I was very impressed by their ndis-hooking keylogger and its simple
technique for exfiltration.  Although I'm sure quite a lot of IDSen will trip
on it, it may not be covert, but it is very clever, and done in a very small
amount of code.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

