Thursday, September 10 • 11:00 - 11:59
Is there an EFI monster inside your apple?


A few weeks ago I publicly disclosed an Apple EFI firmware zero day.
It was a very powerful bug allowing direct access to the EFI firmware from the operating system. EFI rootkits are some of the most powerful and most interesting rootkits. Because they work at a very low level they can play a lot of tricks to hide themselves from forensics and persist for a long time.

EFI monsters are a bit like jaguars, stealthy and rarely seen by humans. This doesn't mean they do not exist. EFI monsters are most certainly part of spy agencies' rootkit catalogs.
Very few tools exist to chase them.

This talk is about introducing you to the EFI world so you can also start to chase these monsters. The EFI world might look scary, but it's a bit easier than you think and a lot of fun.

Reference blogpost:
https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/

Plus content about EFI layout, where to seek rootkits and so on.
Essentially an introduction to EFI and how to find potential rootkits there.

Speakers
Pedro Vilaça

A leading expert in the field of not being an expert, has played with computers for more than 30 years, holds a degree in Economics and an MBA, writes a somewhat famous OS X related blog, breaks copy protections for fun and profit, annoys HackingTeam, trolls Apple’s product security policy, loves to solve weird problems, tries to spread some knowledge and write a different bio for each conference. Lately very interested in improving OS X...


Thursday September 10, 2015 11:00 - 11:59
Track 1