Computrace Backdoor Revisited
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the security vulnerabilities in modern anti-theft technologies embedded in firmware and PC BIOS of popular laptops and desktop computers. Delve into the potential misuse of Absolute Computrace anti-theft software as an advanced removal-resistant BIOS-based backdoor. Learn about unauthorized activations, network security flaws, and how to exploit remote hosts running Computrace. Discover the inner workings of Computrace, including its suspicious behavior, detection rates, and protocol attacks. Examine the vulnerable protocol design, demo environment, and communication methods of the main agent. Understand local attacks on the configuration block and learn how to detect and deactivate Computrace. Gain insights into similar cases like Radmin and receive practical advice for protecting against these security risks.
Syllabus
Intro
Where is Computrace?
Why this research?
How does it work?
Suspicious Behavior
VT Detection Rate
Attacks on Protocol
Small Agent Protocol
Communication explained
Vulnerable Protocol Design
Demo Environment
Main Agent (rpcnet.exe)
Main Agent Communication
Vulnerable Protection Mechanism
Local attacks - Configuration Block
How to detect Computrace?
How about network detection?
Who activated Computrace?
How to deactivate Computrace?
Some advice
Similar Case: Radmin
Taught by
Black Hat
Related Courses
Developing Secure IoT ApplicationsEDUCBA via Coursera Firmware Vulnerabilities in Critical Infrastructure - Tools and Techniques for Security Analysis
BruCON Security Conference via YouTube Decentralized Energy Production: Green Future or Cybersecurity Nightmare?
media.ccc.de via YouTube A Canonical Event Log Structure for IMA - Optimizing Attestation Information
Linux Foundation via YouTube Breaking Firmware Trust From Pre-EFI - Exploiting Early Boot Phases
Ekoparty Security Conference via YouTube