Nicolás Economou (CORE Security Technologies)

Deep Boot

This presentation will unveil a newly developed, relatively generic technique for controlling the boot of any operating system running on x86-x64, taking control of the CPU from the first instruction executed by the BIOS boot mechanism through the complete OS boot, ending when the kernel takes control. Similar techniques can be found in rootkits and in the first version of Computrace. There will be a simulation of a real attack that "rootkits" a live Windows system (possibly with an AV running) to achieve persistence, followed by a demonstration of how the same "rootkit", using this technique (Deep Boot), regains control of the OS from boot.

About Nicolás Economou

Nicolás Economou has worked for the last 6 years as an Exploit Writer at CORE Security Technologies, writing exploits for multiple platforms including Windows, Mac OS X, Linux and iPhone. He is also a fan of old cars :)

Andres Lopez Luksenberg has worked for the last 2 years as a Developer at Core Security Technologies, writing shellcode for multiple platforms, including Windows and Linux. Currently, he is working in the Impact Agents team, porting the agents to 64-bit platforms. His other interests are web application security, Python programming and virtual machine technologies. He is studying Systems Engineering at the National Technological University (UTN) in Buenos Aires.

