[Dailydave] Nitin Kumar & Vipin Kumar: "please remember to give necessary credit to the authors" PKB.
Dave Korn
dave.korn at artimi.com
Thu Apr 26 17:39:27 EDT 2007
On 26 April 2007 22:29, Joanna Rutkowska wrote:
> If I'm mistaken and if this attack worked indeed on Vista with
> Bitlocker/TPM enabled, then it would be a *very* nice piece of work! But
> it clearly seems it does not...
I can't say for certain, but I don't see them claiming to have defeated it,
so I think you're most likely right.
> Personally I prefer attacks which allow one to get into kernel on the
> fly, without reboot ;)
Heh, I have the facilities available to me to write custom USB devices.
I've managed to make the kernel divide by zero entirely accidentally, but I
haven't had time to try finding an exploitable overflow. I just *know* they
must be there, though.
> Still, however, I must say I very much enjoyed
> the work by Derek Soeder and also later by John Heasman -- please note
> however that they did not present it as "kernel compromising attacks",
> but rather as "persistence technology for malware"...
I was very impressed by their ndis-hooking keylogger and its simple
technique for exfiltration. Although I'm sure quite a lot of IDSen will trip
on it, it may not be covert, but it is very clever, and done in a very small
amount of code.
cheers,
DaveK
--
Can't think of a witty .sigline today....