YoVDO

Computrace Backdoor Revisited

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Network Security Courses Computer Security Courses Firmware Security Courses

Course Description

Overview

Explore the security vulnerabilities in modern anti-theft technologies embedded in firmware and PC BIOS of popular laptops and desktop computers. Delve into the potential misuse of Absolute Computrace anti-theft software as an advanced removal-resistant BIOS-based backdoor. Learn about unauthorized activations, network security flaws, and how to exploit remote hosts running Computrace. Discover the inner workings of Computrace, including its suspicious behavior, detection rates, and protocol attacks. Examine the vulnerable protocol design, demo environment, and communication methods of the main agent. Understand local attacks on the configuration block and learn how to detect and deactivate Computrace. Gain insights into similar cases like Radmin and receive practical advice for protecting against these security risks.

Syllabus

Intro
Where is Computrace?
Why this research?
How does it work?
Suspicious Behavior
VT Detection Rate
Attacks on Protocol
Small Agent Protocol
Communication explained
Vulnerable Protocol Design
Demo Environment
Main Agent (rpcnet.exe)
Main Agent Communication
Vulnerable Protection Mechanism
Local attacks - Configuration Block
How to detect Computrace?
How about network detection?
Who activated Computrace?
How to deactivate Computrace?
Some advice
Similar Case: Radmin


Taught by

Black Hat

Related Courses

An Introduction to Computer Networks
Stanford University via Independent
Computer Networks
University of Washington via Coursera
Computer Networking
Georgia Institute of Technology via Udacity
Cybersecurity and Its Ten Domains
University System of Georgia via Coursera
Model Building and Validation
AT&T via Udacity