Nitin Kumar (Founder,

Presentation Title: Vbootkit 2.0: Attacking Windows 7 via Boot Sectors
Presentation Abstract:

This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:

() Windows 7 Boot architecture
() Vbootkit 2.0 architecture and inner workings
() insight into the Windows 7 minkernel

We will also demonstrate:

() The use of Vbootkit in gaining access to a system without leaving traces
() Leveraging normal programs to escalate system privileges
() Running unsigned code in kernel

All this is done, without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.

About Nitin

Nitin Kumar is an independent Security Engineer and researcher from India. He has been involved in Network Security Analysis and Penetration Techniques. He likes reverse engineering, researching OS and Network Security. He is a recent graduate in Bachelor of Technology, Computer Science and holds RHCE certification. His clients include some of most reputed organizations. His previous work consists of bootkit, vbootkit, nvbit - Bitlocker Volume access tools for Linux.

** Note: Presenting with Vipin Kumar