Hackers of India

Vboot Kit: Compromising Windows Vista Security

By  Vipin Kumar   Nitin Kumar  on 04 Apr 2007 @ Hitb Sec Conf

This talk covers following tools where the speaker has contributed or authored
VBOOTKIT

Abstract

Vboot kit is first of its kind technology to demonstrate Windows vista kernel subversion using custom boot sector. Vboot Kit shows how custom boot sector code can be used to circumvent the whole protection and security mechanisms of Windows Vista.The booting process of windows Vista is substantially different from the earlier versions of Windows.The talk will give you details and know abouts for the Vista booting process.Then, we will be explaining the vboot kit functionality and how it works.We will also have an insight into the Windows Vista Kernel.We also go through a sample Ring 0 Shell code(for Vista).The sample shellcode effectively raises the privileges of certain programs to SYSTEM.Also, a live demonstration of vboot kit POC will be done which will show vbootkit in action from OS selection and later on privilege escalation shell code in action.