Exposing Bootkits with BIOS Emulation

Explore advanced techniques for detecting and countering bootkits through BIOS emulation in this Black Hat conference talk. Delve into the world of stealth malware and learn how to expose threats that attempt to subvert modern security features. Discover methods to regain control of compromised machines by examining deep internal structures of operating systems. Analyze the challenges posed by security measures in 64-bit Windows versions, including Driver Signature Enforcement and PatchGuard, and understand how bootkits exploit vulnerabilities in legacy BIOS systems. Gain insights into innovative approaches combining low-level anti-rootkit techniques, emulation, and heuristic detection logic to identify anomalies in boot sectors and uncover the presence of bootkits.

Exposing Bootkits with BIOS Emulation