[Dailydave] Whitepaper: Implementing and Detecting a PCI Rootkit
sinan.eren at immunitysec.com
Fri Nov 17 03:22:53 Local tim 2006
Let me rephrase what I meant; there will be no ROM that the runtime OS can
interface with.

Sure, if you interface directly to the board or the non-volatile
memory component that's another story. Our goal is not to hide
from the investigator (a.k.a. the human) but to hide from the agent
(a.k.a. the software: AV, rootkit detectors etc.).

So regarding Dan Moniz's suggestions, brilliant stuff! But nothing that we
will invest (or even effort).

On Thu, 16 Nov 2006, Dave Korn wrote:
> On 16 November 2006 18:47, sinan.eren at immunitysec.com wrote:
>
>> I should also note that when you have a FPGA based solution, there is no
>> ROM to be investigated for potential malware.
>
> :) How precisely do you suppose an FPGA gets re-programmed at power-on
> time? They're generally volatile, remember...
>
> cheers,
> DaveK
> --
> Can't think of a witty .sigline today....
>
>