Hack-in-the-Box Dubai 2009

NVlabs | Analyzing Security

Wednesday, March 4. 2009

Vbootkit 2.0: Attacking Windows 7 via Boot Sectors

This talk introduces a new tool that enables attacks against Windows 7 via boot sectors. We will demo Vbootkit 2.0 in action and show how customized boot sectors can bypass and circumvent the security policies and architecture of Windows 7 (x64). The talk will cover:

- Windows 7 boot architecture
- Vbootkit 2.0 architecture and inner workings
- Insight into the Windows 7 minkernel

We will also demonstrate:

- The use of Vbootkit in gaining access to a system without leaving traces
- Leveraging normal programs to escalate system privileges
- Running unsigned code in kernel
- Remote command & control

All this is done without leaving any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors
Posted by Webmaster at 15:49
