Joanna Rutkowska, senior security researcher for COSEINC, a Singapore-based IT security company, is to demonstrate new kernel attacks against the latest Windows Vista x64 builds, including ways to defeat Trusted Platform Module/BitLocker protection.
The renowned rootkit researcher has quietly started her own security consulting and research firm, and recently announced she will be running two public training sessions called “Understanding Stealth Malware,” on July 28/29 and July 30/31 2006, during the Black Hat Briefings and Training event in Las Vegas.
She said in a post on her blog, Invisible Things:
The training will feature many previously unpublished techniques, implementation details, and of course lots of brand new code, developed especially for the training. The code will include sample rootkits similar to Deepdoor, Firewalk, Blue Pill and Delusion (but redesigned and rewritten from scratch) as well as some more exotic things, like e.g. anti-hardware-forensic attacks.
As the training will be focused on Windows platform and Vista x64 specifically, we will also present some new kernel attacks against latest Vista x64 builds. These attacks, of course, work on the fly and do not require system reboot and are not afraid of the TPM/Bitlocker protection.
The training session, which will be co-presented by researcher Alex Tereshkin, is aimed at security and OS developers, forensic investigators and penetration testers, Rutkowska said.
For ethical reasons the training is limited only to “legitimate” companies, thus we require that you specify your official business email address and company’s website when registering for the course, Rutkowska said.
This looks like a good opportunity for Rutkowska.
However, I feel bad seeing that Windows users are the biggest losers here. They end up not just buying Vista, the most expensive operating system to date, but also buying security software to compensate for Vista's security weaknesses. Worst is that some of them spend millions hiring security consulting firms, all because of a lousy product.