Description: In this presentation titled "Deeper Door - Exploiting the NIC Chipset", Sherri Sparks and Shawn Embleton discuss a couple of significant problems in existing IDS / Firewall technology and present a proof of concept "chipset" level rootkit / network backdoor that is capable of bypassing virtually all host-based firewall and intrusion detection software on the market. These, of course, include popular, widely deployed software like Snort and Zone Alarm Security Suite. Our backdoor operates at an even deeper level than previous backdoors (e.g. Joanna's "DeepDoor" rootkit) because it interacts directly with the chipset interface of the NIC hardware. Capabilities include the ability to both covertly send AND receive packets. We use both of these capabilities to implement a simple command and control interface. Implications for security vendors include the exfiltration of sensitive information and delayed detection of malware threats like DDoS attacks, botnets, and worms.

A high resolution video of the presentation can be downloaded here.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.