No Hat 2022 - Alex Matrosov - [Keynote] The Evolution of Firmware Threats: Attacks below the OS
THE EVOLUTION OF FIRMWARE THREATS: ATTACKS BELOW THE OS Defensive software evolution is closely linked to the evolution of the modern threat landscape. Each iteration of evolution covers a specific gap in detection methods. Rootkits and bootkits have always benefited from persistent methods to get closer to hardware and firmware. Operating systems are evolving in a way that increases the cost of malware persistence and exploitation, as well as advanced threat actors are looking for the next level of persistence below the OS. Historically, firmware attacks have been more associated with advanced state-sponsored threat actors. In the modern threat landscape, firmware has become more and more of a sweet spot for attackers. But when it comes to detecting firmware threats, the industry is just scratching the surface. Current discoveries reveal that threat actors have been stealthy operating since 2015 or even earlier. ALEX MATROSOV - CEO and Founder @Binarly Inc. Alex Matrosov is CEO and Founder of Binarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. Alex has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE). Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community. Links: No Hat - Website: nohat.it No Hat - Twitter: @nohatcon A. Matrosov - Twitter: @matrosov A. Matrosov - Github: @matrosov Intro/Outro song: ORION - Against The Time
THE EVOLUTION OF FIRMWARE THREATS: ATTACKS BELOW THE OS Defensive software evolution is closely linked to the evolution of the modern threat landscape. Each iteration of evolution covers a specific gap in detection methods. Rootkits and bootkits have always benefited from persistent methods to get closer to hardware and firmware. Operating systems are evolving in a way that increases the cost of malware persistence and exploitation, as well as advanced threat actors are looking for the next level of persistence below the OS. Historically, firmware attacks have been more associated with advanced state-sponsored threat actors. In the modern threat landscape, firmware has become more and more of a sweet spot for attackers. But when it comes to detecting firmware threats, the industry is just scratching the surface. Current discoveries reveal that threat actors have been stealthy operating since 2015 or even earlier. ALEX MATROSOV - CEO and Founder @Binarly Inc. Alex Matrosov is CEO and Founder of Binarly Inc. where he builds an AI-powered platform to protect devices against emerging firmware threats. Alex has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. He served as Chief Offensive Security Researcher at Nvidia and Intel Security Center of Excellence (SeCoE). Alex is the author of numerous research papers and the bestselling award-winning book Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. He is a frequently invited speaker at security conferences, such as REcon, Black Hat, Offensivecon, WOOT, DEF CON, and many others. Additionally, he was awarded multiple times by Hex-Rays for his open-source contributions to the research community. Links: No Hat - Website: nohat.it No Hat - Twitter: @nohatcon A. Matrosov - Twitter: @matrosov A. Matrosov - Github: @matrosov Intro/Outro song: ORION - Against The Time