Press ROOT to Continue - Detecting OSX and Windows Bootkits with RDFU

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Malware Analysis Courses, Privilege Escalation Courses

Course Description

Overview

Explore a comprehensive analysis of UEFI-based rootkits and malware detection in this Black Hat USA 2013 conference talk. Delve into the Rootkit Detection Framework for UEFI (RDFU), a unified set of tools developed to combat emerging threats across various UEFI implementations. Examine a sample bootkit for Apple OSX, designed specifically for testing purposes, which demonstrates sophisticated infection techniques and functionalities such as FileVault password sniffing, privilege escalation, and file hiding. Learn about the UEFI conceptual overview, runtime services, and the inner workings of RDFU. Gain insights into bootkit workflows and process hiding techniques. Discover the potential applications of this open-source technology in addressing UEFI-based security challenges.

Syllabus

Intro
Our motivation
Booting with BIOS
UEFI Conceptual overview
UEFI images
UEFI Runtime services
How does RDFU work?
Bootkit workflow
Hiding processes


Taught by

Black Hat

Related Courses

Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Palo Alto Networks Cybersecurity Essentials II
Palo Alto Networks via Coursera
Introducción al Análisis del Malware en Windows
National Technological University – Buenos Aires Regional Faculty via Miríadax
Android Malware Analysis - From Zero to Hero
Udemy
How to Create and Embed Malware (2-in-1 Course)
Udemy