Managed Code Rootkits (Source Boston 2010)
Description:
This is the video of the presentation titled "Managed Code Rootkits – Hooking into Runtime Environments" given by Erez Metula at SOURCE Boston 2010.
Abstract: This presentation introduces an underestimated threat of application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. We'll be covering generic methods of malware development (rootkits, backdoors, logic manipulation, etc.) for application VMs such as Java, .NET, Dalvik, and other managed code platforms by changing their internal behavior. The presentation will include attack scenarios and demos of information logging, reverse shells, backdoors, encryption keys fixation, and other nasty things. This presentation will introduce the new version of "ReFrameworker" (previously known as .NET-Sploit) - a generic language modification tool that can be used to implement the application level rootkit concept. More information on Managed Code Rootkits (MCR) can be found here: http://www.AppSec.co.il
Erez Metula is an application security consultant, spending most of his time finding software vulnerabilities and teaching developers how to fix them. He has extensive hands-on experience performing security assessments and training for worldwide organizations, and has previously talked at BlackHat, Defcon, RSA, OWASP, CanSecWest and more.