The Advanced Threats Evolution: REsearchers Arms Race
The evolution of defensive software is closely tied to the evolution of the modern threat landscape. Each new iteration is focused on covering specific gaps in detection methods or in the algorithms used for data collection. The main direction of advanced threats such as rootkits and bootkits has always been to benefit from persistence methods that sit closer to the hardware and firmware levels. The more modern operating systems evolve toward adding mitigations that raise the cost of exploitation and malware persistence, the more advanced threat actors look for the next lowest level at which to persist.
This talk will look, through the prism of the evolution of advanced threats, at the evolution, or lack of evolution, of the tools for forensics and reverse engineering. During the talk, we will dig deeper into modern gaps and try to find solutions that improve visibility and prevent advanced threat actors from operating at the levels where no security sensors exist.
Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at the Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers, and is a frequent speaker at security conferences, including REcon, Zeronights, Black Hat, DEFCON, and others. Additionally, he has received an award from Hex-Rays for the open-source plugin HexRaysCodeXplorer, which has been developed and supported since 2013 by REhint's team.