Description: Virtualization rootkits have been a hot topic for the past couple of years. In this talk titled "A New Breed of Rootkit: The System Management Mode (SMM) Rootkit", Shawn and Sherry discuss a new type of malware with potentially even greater stealth: the System Management Mode (SMM) rootkit. System Management Mode, a relatively obscure mode on Intel processors, provides an isolated memory and execution environment. SMM code is invisible to the operating system yet retains full access to host physical memory and complete control over peripheral hardware. They demo a proof-of-concept SMM rootkit that functions as a chipset-level keylogger. Their rootkit hides its memory footprint, makes no changes to the host operating system, and is capable of covertly exfiltrating sensitive data across the network while evading essentially all host-based intrusion detection systems and firewalls.

The slides for the presentation are available here and a high resolution video can be downloaded here.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.