This is the video of the talk "Stoned Bootkit: The Rise of MBR Rootkits & Bootkits in the Wild
" given by Peter Kleissner
at HAR 2009
. We covered the Stoned Bootkit in a recent video
. This talk is given by Peter, the original author who wrote Stoned and is a highly recommended watch for people interested in understanding the inner workings of rootkits in general and the Stoned bootkit in particular. Talk Abstract
: "Stoned Bootkit is a new Windows bootkit. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned is executed beside the Windows kernel and has full access to the entire system. It attacks all Windows versions including XP, Vista and 7. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications, and much much more. Inside it is a small operating system! It finally goes back to the roots. So in this way, Your PC is now Stoned! ..again :)
There is one version for all Windows versions from XP up to 7 and it is even bypassing full volume encryption (TrueCrypt). It gives you back the full control over your system which was taken off with Windows Vista (and the signed drivers policy). Stoned is executed before Windows, stays memory resident and is executed beside the Windows kernel. Thus it has full access to the entire system. It gives the user back the control to the system – which was taken away by Windows Vista with its signed driver policy. It allows executing any unsigned driver which can be useful both for device testers and malware developers. The lecture will also handle other bootkits in the wild, the topic will be "The Rise of MBR Rootkits & Bootkits in the Wild". As an extra plus the Windows Product Activation (with OEM BIOS identification) will be discussed.
You can visit the Stoned Bootkit project site
for more details and to download the framework code. Thanks to Sam Bowne
for posting this video.
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.