The official hash tag for HITBSecConf2010 - Amsterdam is #HITB2010AMS

Christophe Devine (Security Researcher, Sogeti/ESEC) & Damien Aumaitre (Security Researcher, Sogeti/ESEC)

Presentation Title: Subverting Windows 7 x64 Kernel with DMA Attacks
Presentation Abstract

Traditionally, operating systems implicitly trust the hardware.

This presentation will focus on concrete examples of compromising the Windows 7 x64 operating system, in effect bypassing two major security mechanisms: code signing and integrity verification (PatchGuard).

First, we’ll explain the internal structures of the operating system, and how they differ from previous versions. Then we will describe how to alter these structures in order to gain control over the execution flow. The implementation of this attack is then presented, using an embedded soft-core MIPS CPU implemented on an FPGA PCMCIA/CardBus card.

Finally, we will conclude with the importance of new protection features included in recent CPUs, in particular the IOMMU and TXT.

About Christophe

Christophe Devine has been a security researcher at Sogeti/ESEC since 2009. Previously, he worked on wireless security; he developed aircrack (now aircrack-ng) and xyssl (now polarssl). In 2009, he ported the FireWire attack using an FPGA-based PCMCIA card.

About Damien

Damien Aumaitre has been a security researcher at Sogeti/ESEC since 2007. He has been working on virtual memory reconstruction under Windows and Mac OS X, applied first to FireWire. He is currently implementing a debugger based on hardware virtualization, named virtdbg, to be presented at SSTIC 2010.