[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)

To: "thomas48" <thomas48@xxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Re: SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)
From: "<...>" <massimo@xxxxxxxxxxxxx>
Date: Thu, 22 Jun 2006 16:31:03 +0200

i wonder if joanna knows how much free consultancy she is giving to MS
doing this on the beta 2 kernel

----- Original Message -----From: "thomas48" <thomas48@xxxxxxxxxxxxxx>To: <security-basics@xxxxxxxxxxxxxxxxx>; <firewalls@xxxxxxxxxxxxxxxxx>;<full-disclosure@xxxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>;<focus-ids@xxxxxxxxxxxxxxxxx>; <newslist@xxxxxxxxxxxxxxxxxxxxxx>;<forensics@xxxxxxxxxxxxxxxxx>; <vuln-dev@xxxxxxxxxxxxxxxxx>;<webappsec@xxxxxxxxxxxxxxxxx>

Cc: <organiser@xxxxxxxxxx>
Sent: Sunday, June 18, 2006 4:36 PM

Subject: SyScan'06 Highlight - Attacking Microsoft New Operating System(Vista)

This is a brand new presentation and its going public for the very firsttime in SyScan'06.
Joanna Rutkowska, a senior researcher of COSEINC Research, will presenther latest technique in bypassing and attacking the latest Mircosoft Vistaoperating system kernel.
The presentation will first present how to generically (i.e. not relayingon any implementation bug) insert arbitrary code into the latest VistaBeta 2 kernel (x64 edition), thus effectively bypassing the (in)famousVista policy for allowing only digitally singed code to be loaded intokernel. The presented attack does not requite system reboot.
Next, creation of Stealth by Design malware for Vista x64 will be brieflydiscussed. This will be the base for introducing the new approach(codenamed 'blue pill') for writing undetectable malware on the latestAMD64 processors. The ultimate goal is to demonstrate that is possible (orsoon will be) to create an undetectable malware which is not based on aconcept, but, similarly to modern cryptography, on the strength of the'algorithm'.
A working blue pill will be demonstrated.

Please visit www.syscan.org for more.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)
  - From: thomas48

Prev by Date: Re: [Full-disclosure] <PRE>LOL THIS IS A TEST</PRE>
Next by Date: Re: [Full-disclosure] Delete button
Previous by thread: [Full-disclosure] SyScan'06 Highlight - Attacking Microsoft New Operating System (Vista)
Next by thread: [Full-disclosure] Yersinia new version (added 802.1x support/attack)
Index(es):
- Date
- Thread