funsec mailing list archives
Re: 'Vitriol' Rootkit to Demo at MS BlueHat Hacker Summit
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 17 Oct 2006 22:42:41 -0400
On 10/17/06, Fergie <fergdawg () netzero net> wrote:
> Microsoft's twice-yearly BlueHat hacker summit, running Oct. 26-27, will kick off later this week with a demo of a virtual machine rootkit that can potentially be used to defeat the controversial PatchGuard technology. Dino Dai Zovi, a principal at penetration-testing outfit Matasano Security, has been invited to Microsoft's Redmond, Wash., campus to showcase a hardware VM-based rootkit called Vitriol that piggybacks on Intel's VT-x virtualization extension.

Hmm, the last one we saw used AMD's virtualization technology and the fact that MS was paging kernel memory. There are a few more methods to go through it seems :-)

In the last thread about this we learned that turning off the VM capabilities on a machine will disable this payload. If it holds true for this one as well then it would seem this VM technology should only be enabled on machines that need it, while the rest of the people should disable this feature, if it isn't disabled already (it's turned off by default in Optiplexes' BIOS, not sure about other brands).

For those that run VM in the classroom, we might need to consider discontinuing that practice for high security areas, and rebooting the box once a day for others ;-)

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
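
Added example, not part of the original thread: one way to audit whether firmware has actually switched hardware virtualization off and locked it, as the message above suggests for machines that do not need it. It assumes a Linux host with the `msr` kernel module loaded and root access; the function names are made up for this sketch.

```python
import glob
import os
import struct

IA32_FEATURE_CONTROL = 0x3A   # Intel MSR: bit 0 = lock, bit 2 = VMXON allowed outside SMX
AMD_VM_CR = 0xC0010114        # AMD MSR: bit 3 = LOCK, bit 4 = SVMDIS

def _classify(locked, enabled):
    if not locked:
        return "unlocked"      # setting is not pinned; kernel-mode code can still change it
    return "enabled-locked" if enabled else "disabled-locked"

def decode_intel(value):
    return _classify(bool(value & 0x1), bool(value & 0x4))

def decode_amd(value):
    return _classify(bool(value & 0x8), not (value & 0x10))

def worst_state(states):
    """Only 'disabled-locked' on every core counts as virtualization being off."""
    for bad in ("unlocked", "enabled-locked"):
        if bad in states:
            return bad
    return "disabled-locked"

def read_msr(path, reg):
    # /dev/cpu/N/msr exposes one 8-byte little-endian value at offset == MSR number
    fd = os.open(path, os.O_RDONLY)
    try:
        return struct.unpack("<Q", os.pread(fd, 8, reg))[0]
    finally:
        os.close(fd)

def audit_host():
    paths = glob.glob("/dev/cpu/*/msr")
    if not paths:
        raise RuntimeError("no MSR devices found; load the msr module and run as root")
    with open("/proc/cpuinfo") as f:
        intel = "GenuineIntel" in f.read()
    reg, decode = (IA32_FEATURE_CONTROL, decode_intel) if intel else (AMD_VM_CR, decode_amd)
    return worst_state([decode(read_msr(p, reg)) for p in paths])

if __name__ == "__main__":
    print(audit_host())
```

A result other than `disabled-locked` means the BIOS setting is not enforcing the "off" state on at least one core.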