Abstract

This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:

() Windows 7 Boot architecture () Vbootkit 2.0 architecture and inner workings () insight into the Windows 7 minkernel

We will also demonstrate:

() The use of Vbootkit in gaining access to a system without leaving traces () Leveraging normal programs to escalate system privileges () Running unsigned code in kernel

All this is done, without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.