During a training session called "Understanding Stealth Malware" at the Black Hat event in Las Vegas, Joanna Rutkowska, a security researcher known for picking apart the security mechanisms built into Windows, is to demonstrate new ways for hackers to invade Windows Vista. Rutkowska said she is aware of the need for discretion: "For ethical reasons we want to limit the availability of this course to only "legitimate" companies." The training is aimed at security and OS developers, forensic investigators and penetration testers, Rutkowska said.
Earlier this spring, Rutkowska demonstrated several methods that sophisticated rootkits can use to hide from even the most reliable detection method currently available – hardware-based products that read a systems RAM. The demonstration will cover such methods, but will be more comprehensive, including unpublished techniques, implementation details, new code and sample rootkits. The target will be Windows but will also focus on the 64-bit version of Vista, including new kernel attacks. "These attacks, of course, work on the fly and do not require system reboot and are not afraid of the TPM/BitLocker protection." Trusted Platform Module refers to security systems with a hardware component built into the processor, designed to improve security and specifically to make copy-protection systems more difficult to circumvent.
News source: PC World