Press ROOT to Continue - Detecting OSX and Windows Bootkits with RDFU
Offered By: Black Hat via YouTube
Course Description
Overview
Explore a comprehensive analysis of UEFI-based rootkits and malware detection in this Black Hat USA 2013 conference talk. Delve into the Rootkit Detection Framework for UEFI (RDFU), a unified set of tools developed to combat emerging threats across various UEFI implementations. Examine a sample bootkit for Apple OSX, designed specifically for testing purposes, which demonstrates sophisticated infection techniques and functionalities such as FileVault password sniffing, privilege escalation, and file hiding. Learn about the UEFI conceptual overview, runtime services, and the inner workings of RDFU. Gain insights into bootkit workflows and process hiding techniques. Discover the potential applications of this open-source technology in addressing UEFI-based security challenges.
Syllabus
Intro
Our motivation
Booting with BIOS
UEFI Conceptual overview
UEFI images
UEFI Runtime services
How does RDFU work?
Bootkit workflow
Hiding processes
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network