By Matthew Broersma
30 April 2007
Joanna Rutkowska, a security researcher known for picking apart the
security mechanisms built into Windows, is to demonstrate new ways for
hackers to invade Windows Vista, including rootkit techniques and ways
to defeat BitLocker drive encryption.
Rutkowska recently announced she will be running a training session
called "Understanding Stealth Malware" during the Black Hat Briefings
and Training event in Las Vegas, which runs from from 28 July to 2
The training session, which will be co-presented by researcher Alex
Tereshkin, promises to demonstrate new rootkits developed for Vista,
ways of defeating hardware-based forensics systems and other techniques
Microsoft would probably prefer the world didn't know.
Rutkowska said she, too, is aware of the need for discretion. "For
ethical reasons we want to limit the availability of this course to only
'legitimate' companies," she said in a post on her blog, Invisible
Rutkowska isn't against Windows as such, but has a track record of
ferreting out its weaknesses. She recently uncovered a number of flaws
in Vista's much-hyped User Account Control (UAC) feature, which led
Microsoft to declare that the feature wasn't really intended for
security after all.
Until recently she was a researcher for Coseinc, but is now in the
process of founding a security start-up based in Poland, she said.
Earlier this spring she demonstrated several methods that sophisticated
rootkits can use to hide from even the most reliable detection method
currently available - hardware-based products that read a system's RAM.
The demonstration in July will cover such methods, but will be more
comprehensive, including unpublished techniques, implementation details,
new code and sample rootkits.
The target will be Windows and specifically 64-bit Vista, including new
kernel attacks against the latest 64-bit Vista builds.
"These attacks, of course, work on the fly and do not require system
reboot and are not afraid of the TPM/BitLocker protection," she wrote.
TPM (Trusted Platform Module) refers to security systems with a hardware
component built into the processor, designed to improve security and
specifically to make copy-protection systems more difficult to
circumvent. Rutkowska said the demonstrated techniques would work
against copy-protection systems, but that this side of things wouldn't
be specifically discussed at the demonstration.
The training is aimed at security and OS developers, forensic
investigators and penetration testers, Rutkowska said.
Subscribe to InfoSec News