
Video instructions and help with filling out and completing Dd 1750

Instructions and Help about Dd 1750

Uh, good afternoon everybody. So, my name's John Heasman and I work for NGS Software in the UK. Um, if you've seen any of my other presentations over the last year, you know I've been focusing on rootkits and specifically rootkit persistence. Today, I'm going to talk about EFI, which is Intel's replacement for the BIOS, currently available in MacBooks and likely to be available on those systems; most operating systems are likely to support it within the next year.

So, this is what I want to get through today: to give you some background on EFI. I'm actually going to start by talking about a legacy BIOS. So, I've got quite a lot of slides to get through, so I'm going to move quickly through the early ones, where I'm going to talk about what the BIOS actually has to accomplish, how we can attack a traditional BIOS, the limitations, and basically the motivation for Intel developing EFI. Then, we'll talk about some EFI-specific attacks and also the relevance of the attacks against legacy BIOSes. Then, I want to talk about UEFI, which is the kind of successor to EFI. It's the next version that the consortium is working on. I'll summarize and draw some conclusions.

Firstly, I want to make a few caveats here. Um, as I said, I'm interested in talking about rootkit persistence. I'm not really interested in what the rootkit does. Essentially, I want to persist a rootkit on some device in some firmware. I don't want the rootkit to be on disk. However, I do want it to be able to load automatically. So, my rootkits have no bootstrap component on disk. They persist in firmware and they're able to load themselves into the kernel, typically before the operating system...